IT Risk Analyst
United States, Georgia, Atlanta
The IT Risk Analyst is responsible for developing, testing, and maintaining IT security controls and for managing IT risk-related documentation. The position focuses on compliance with frameworks such as NIST CSF, NYDFS NYCRR 500, and Regulation S-P, and uses a GRC platform to assess and manage IT risk. The analyst manages the IT risk register, oversees control assessments, and ensures accurate reporting of risk.
The ideal candidate will have a proven ability to write and present clear assessment reports and to develop thorough documentation. The role requires a balance of technical knowledge, analytical skill, and the ability to communicate findings to both technical and non-technical stakeholders. It offers the opportunity to work with cross-functional teams, engage with senior leadership, and contribute to a growing risk management program.

Responsibilities

IT Controls Development and Testing
* Design, document, and test IT controls derived from NIST frameworks (e.g., CSF, SP 800-53), NYDFS NYCRR 500, and Regulation S-P.
* Conduct control assessments, document findings, and support remediation efforts.
* Write detailed, well-organized reports on IT control assessments, findings, and recommendations.
* Partner with IT teams to identify and close gaps in control implementation.

GRC Platform Utilization
* Use a GRC platform to conduct IT control assessments, document findings, and manage the IT risk lifecycle.
* Ensure accurate and timely updates to the IT risk register using GRC tools.
* Develop dashboards and reports from the GRC platform to provide insight to stakeholders.

IT Risk Register Management
* Maintain the IT risk register, tracking control and IT risk issues, mitigation efforts, and resolution timelines.
* Conduct regular reviews of the risk register to track progress and prioritize remediation.
* Generate periodic reports on risk trends, control effectiveness, and issue resolution for management and governance committees.

Regulatory Compliance and Reporting
* Monitor regulatory updates and adjust IT controls and risk processes to maintain compliance.
* Support internal and external audits and regulatory reviews, preparing evidence and responding to queries.

Collaboration and Continuous Improvement
* Contribute to the enhancement of IT risk management processes, tools, and methodologies.
* Contribute to the development of IT risk policies, procedures, and training materials.
* Provide guidance and training to other team members on risk and control-related topics.

Required Qualifications
* Bachelor's degree in information technology, cybersecurity, risk management, or a related field. Significant practical experience will be considered in lieu of a degree.
* 3-5 years of experience in IT risk management, IT security, or regulatory compliance.
* 3+ years of experience rationalizing and testing IT General Controls across IT domains (e.g., Active Directory, firewalls, routers, infrastructure, databases, logging, monitoring, change management, segregation of duties, cybersecurity, application security, IT operations, network security, and cloud computing).
* Strong working knowledge of NIST frameworks (e.g., CSF, SP 800-53).
* Proficiency in using GRC platforms to manage IT risk registers, control assessments, and remediation tracking.
* Demonstrated ability to write and present detailed assessment reports and to create comprehensive documentation.
* Excellent analytical and communication skills, with the ability to present technical concepts clearly.
* Effective written and verbal communication skills, with the ability to convey complex concepts to diverse audiences.

Preferred Qualifications
* Certifications, such as:
  o Certified Information Systems Auditor (CISA)
  o Certified in Risk and Information Systems Control (CRISC)
  o Certified Information Systems Security Professional (CISSP)
* Experience with risk management in regulated industries (e.g., financial services).
* Proficiency in using AuditBoard to manage IT risk registers, control assessments, and remediation tracking.