Title: Risk Testing Analyst

Location: Charlotte, NC (3-days onsite, 2-days remote Hybrid Schedule)

Note: This role is NOT open to C2C or 3rd party candidates

This Risk Testing Analyst will work within the technology organization, functioning as the first line of defense. This role will be responsible for performing tests over the design and effectiveness for Technology, Data, and Information Security processes, applications, infrastructure controls, and risk management practices. This role will work closely with multiple stakeholders, including technology leaders and Subject Matter Experts. Technology Risk Professionals in this role will build and manage relationships with Subject Matter and technology partners. Effective partnership and collaboration with Enterprise Risk, Compliance, and Information Security teams is needed to evaluate, report, and resolve (as needed) risk and control issues. In this role, individuals will be expected to:

• Execute and perform testing of designs and effectiveness of technology, Information Security, and data controls
• Identify gaps in operational effectiveness and compliance with policies, standards, regulatory requirements, and industry best practices.
• Develop and present reports and action plans to business partners and senior management resulting from testing.
• Evaluate Technology, Cyber Security, and Data Management processes and systems for opportunities to improve compliance with internal policies/standard requirements, alignment to regulatory expectations, process improvement, and risk management
• Design, coordinate, and oversee testing procedures to verify the security of systems, networks, and applications, and manage the remediation of risks
• Identify process improvement opportunities and develop subsequent plans of action to resolve gaps with minimal management intervention

Position Qualifications:

• 2-4 years of experience performing audits for Technology, Cybersecurity, Audit, Compliance, and/or Risk Management
• Experience auditing IT/IS controls, including evaluating the design and operating effectiveness of control structures and compliance with internal policies and standards, as well as industry guidance
• Knowledge and understanding of Technology and Cybersecurity industry frameworks and guidance (i.e., NIST, FFIEC, ISO 27001/27002, etc.)
• A general understanding of fundamental technology and cybersecurity principles (e.g., Identity and Access Management, Vulnerability Management, Capacity Management, SDLC, Data Classifications, etc.)
• An understanding of different types of systems (e.g., applications, servers, virtual servers, APIs, SaaS, Cloud computing, etc.)
• Proficiency in the use of Microsoft Office products, including Word, Excel, PowerPoint, and SharePoint
• Ability to identify emerging technology risks and lead dialog among stakeholders
• Experience monitoring and driving information technology adherence to enterprise policies
• Experience reviewing management action plans to assess the effectiveness of proposed remediation and appropriateness of the timeline
• Experience documenting test results and providing support for informed, objective opinions of risk exposure
• Ability to engage directly with the Business Line to understand business offerings, processes, and procedures
• Experience communicating testing results, observations, and recommendations, both verbally and in writing, including escalating and reporting technology and operational risks concerns, as necessary
• Demonstrated ability to effectively synthesize and communicate ideas and insights across the organization, including with executive leadership
• Ability to develop and maintain strong working relationships with internal technology, risk, compliance, and audit partners
• Proficient written and verbal communication skills, with the ability to interact and influence personnel at all levels across the organization, including associations with mid-level leadership
• Ability to work effectively with peers and leaders while maintaining independence necessary to fulfill technology review and testing responsibilities
• Ability to exercise judgment, make conclusions, and influence a technology risk mindset with stakeholders
• Strong attention to detail and ability to maintain relevant risk industry knowledge, and research, compile, and report on data
• Strong critical thinking, problem-solving, and analytical skills
• Ability to function in a matrix organization and within cross-functional teams
• A minimum of a Bachelor’s Degree in Information Technology, Cybersecurity, Computer Science, or other related field

Note: This role is NOT open to C2C or 3rd party candidates

IND1

Job Types: Full-time, Contract

Pay: $85,000.00 per year

Benefits:

• Dental insurance
• Health insurance
• Vision insurance

Experience level:

• 2 years

Physical setting:

• Office

Schedule:

• 8 hour shift
• Monday to Friday

Ability to Relocate:

• Charlotte, NC: Relocate before starting work (Required)

Work Location: In person