Information Technology Security Risk Control Management Analyst

Job Description

The Information Technology Security Risk Control Management Analyst is a senior-level position focused on identifying, assessing, and mitigating information security risks within the organization. This role encompasses conducting risk control self-assessments (RCSAs), managing risk mitigation strategies, ensuring compliance with relevant regulations, and generating detailed risk reports. The Analyst will collaborate with multiple departments, including IT, Technology Risk Management (TRM), Regulatory Affairs, Legal, and Compliance, to promote cohesive risk management practices throughout the organization. Additionally, the development of metrics and management reports will be a key focus, as this role is vital for safeguarding the organization’s information assets and maintaining data integrity and confidentiality while continuously enhancing risk management and compliance practices.

Key Responsibilities :

• Lead and coordinate the RCSA process to evaluate the effectiveness of current controls, identify gaps, develop new controls, and recommend enhancements.
• Conduct regular risk assessments to identify potential threats and vulnerabilities impacting the organization’s information systems and data.
• Analyze risk data to evaluate the potential impact and likelihood of identified risks.
• Develop and implement strategies and controls to manage and mitigate identified risks, including recommending improvements to security policies and procedures.
• Utilize Governance, Risk, and Compliance (GRC) tools to streamline risk management processes, track compliance, and ensure effective governance across the organization.
• Ensure compliance with relevant regulations, standards, and best practices in information security.
• Assist in responding to security incidents and breaches, including conducting investigations and recommending corrective actions.
• Support the risk decision-making process by applying a risk-based approach.
• Participate in the development and execution of risk treatment plans.
• Prepare comprehensive risk assessment, RCSA, and GRC reports for senior management, highlighting key risk areas and suggesting actionable improvements.
• Collaborate with various departments to ensure cohesive and effective risk management practices.
• Develop and deliver risk control training and awareness programs for staff on information security practices and risk management.

The salary range for the VP position will be between $, -$,. Natixis is required by law to include a reasonable estimate of the compensation range for this role. Actual base salary will vary and will be based on several factors including, but not limited to, relevant experience, education, skills set, applicable licensure and certifications, and other business and organizational needs. Base salary is only one component of our total rewards package. Natixis also offers a generous benefits package, and you may be eligible for a discretionary incentive award depending on company and individual performance.

Required Skills / Qualifications / Experience

Bachelor’s degree in Information Technology, Cybersecurity, Risk Management, or a related field.

Strong understanding of information security principles and frameworks.

Proven experience with risk assessment tools and methodologies.

Proficiency in leading and facilitating RCSA processes.

Knowledge of relevant regulations and standards (e.g., NIST, FFIEC, ISO / IEC ).

Expertise in using GRC tools and platforms (e.g., RSA Archer, ServiceNow GRC).

Strong analytical and problem-solving skills.

Effective communication and presentation abilities, with the capacity to convey complex concepts to diverse audiences.

Relevant certifications such as CRISC, CISM, or CISSP are highly preferred.