Senior IT Risk Analyst - IT General Controls

Excited to grow your career?

We value our talented employees, and whenever possible strive to help one of our associates grow professionally before recruiting new talent to our open positions. If you think the open position you see is right for you, we encourage you to apply!

Our people make all the difference in our success.

The Job:

We are seeking a proactive and detail-oriented Technology Risk Lead Analyst to join our Technology Risk & Controls organization. This role is pivotal in ensuring the integrity, reliability, and security of our IT environment by leading the development, articulation, and testing of IT General Controls (ITGCs). The ideal candidate will act as a trusted advisor to key stakeholders, driving effective risk management practices across the organization.

Key Responsibilities:

ITGC Development & Articulation:

• Develop and document a comprehensive ITGC framework tailored to the organization’s technological landscape.

• Ensure alignment of ITGCs with regulatory requirements, industry standards (e.g., SOX, ISO 27001, COBIT), and internal policies.

• Evaluate the design effectiveness and identify and communicate gaps or weaknesses in existing ITGCs, recommending practical solutions for remediation.

ITGC Testing & Validation:

• Design and execute testing plans to evaluate the operational effectiveness of ITGCs, ensuring compliance and audit readiness.

• Coordinate with internal and external auditors to facilitate ITGC assessments and audits.

• Track and validate remediation efforts for identified control deficiencies, ensuring timely resolution.

Stakeholder Collaboration & Reporting:

• Act as a liaison between technology, compliance, and risk management teams to promote a shared understanding of IT risks.

• Develop and deliver reports, dashboards, and presentations to senior management, highlighting key risks and control performance metrics.

• Provide training and guidance to teams on ITGC processes, ensuring consistent implementation and awareness.

Qualifications and Experience:

• Bachelor’s degree in Information Technology, Computer Science, Risk Management, Business Administration or a related field.

• 3-5 years of experience in IT Risk management, IT audit, or IT controls. Experience within the Insurance Industry will be a plus.

• Strong understanding of ITGC domains: access controls, change management, data integrity, and IT operations.

• Knowledge of regulatory and compliance frameworks (e.g., SOX, GDPR, PCI-DSS, NIST).

• Experience with GRC (Governance, Risk, and Compliance) tools and frameworks.

• Excellent analytical and problem-solving skills with the ability to manage complex data and processes.

• Effective communication and stakeholder management skills, with the ability to influence and educate diverse audiences.

• Certifications (Preferred): i) Certified Information Systems Auditor (CISA), ii) Certified Risk and Information Systems Control (CRISC), iii) Certified in Governance of Enterprise IT (CGEIT), iv) Certified Information Systems Security Professional (CISSP)

Key Competencies:

• Analytical thinking and problem-solving, with the ability to identify issues or risks that require escalation.

• Demonstrated ability to work independently with minimal supervision.
• Attention to detail and ability to manage multiple priorities.
• Strategic mindset with a focus on continuous improvement.
• Proactive and self-motivated, with a keen sense of ownership and accountability.
• Adaptable in a fast-paced, evolving regulatory landscape.

Please note that you must meet our posting guidelines to be eligible for consideration.  Policy can be reviewed at this link.