What are the responsibilities and job description for the Risk Management Specialist position at Harvey Nash?
Technical Business Analyst
6 Months Contract
Chicago, IL, or Seattle, WA
Description:
This role is pivotal in managing and processing Security Policy Exception (SPE) requests while ensuring compliance with established policies and standards.
Key responsibilities include:
Review and Analysis:
- Evaluate SPE requests to:
  - Identify the business reasons for exceptions and the policies or standards impacted.
  - Ensure the required information is in the correct fields.
  - Confirm all pre-requisite tickets and approvals have been addressed.
  - Confirm the request has enough detail for the approver to decide to accept or reject the request.
- Analyze the details in the Privacy Security & Compliance (PSC) ticket associated with the request and incorporate the requirements from the Compliance and Security Architect teams into the SPE process.
- As a secondary function when needed, analyze expired SPEs to ensure remediation has taken place; it may be necessary to re-engage with the requester and re-open the SPE.
- Verify connectivity request (CNRQ) ticket details, ensuring alignment with what is being requested in the SPE.
- Assist with Security & Privacy policy and standard updates when needed.
Documentation and Reporting:
- Prepare PowerPoint decks for weekly meetings, maintain up-to-date records in the ServiceNow SPE Risk Register, ensuring all data is current and accurate, and generate and present metrics on a weekly, monthly, quarterly, and annual basis to demonstrate the SPE program's status and effectiveness.
- Create reports for GRC (Governance, Risk, and Compliance) and other security and business leadership as required.
Collaboration and Coordination:
- Work with the Risk team to calculate risk scores and process SPEs for review and acceptance following the IRM (Integrated Risk Management) process.
- Schedule and facilitate meetings with various stakeholders on a weekly and ad hoc basis.
- Work with the various stakeholders to ensure alignment on their programs and processes that impact SPEs.
- Assist and support the compliance team with audits for NIST, PCI, etc.
Tools:
To effectively perform the responsibilities of this role, proficiency with the following tools is required:
- ServiceNow: For managing tickets in the Risk Register.
- Jira: For tracking project work.
- SharePoint: For documentation and accessing shared files.
- Excel: For reporting and data analysis.
- Word: For creating detailed documentation.
- Outlook: For email communication and calendar management.
- PowerPoint: For preparing and delivering presentations.
- Zoom: For virtual meetings and collaboration.
- Operating Systems: Proficiency with the chosen operating system (Windows or Mac) is required to efficiently perform daily tasks.