IT Policy Exceptions Analyst

Job Title: IT Policy Exceptions Analyst

Department/Group: Business Division A / Raymond James (RJ)

Reports to: TRA Supervisor Raymond James

Classification: Part-time Hourly) Non-Exempt

Role and Responsibilities

The IT Policy Exception Analyst role will be responsible for overseeing and managing the process of handling policy exceptions within the Information Technology department. They will collaborate closely with various stakeholders, including IT managers, security teams, and business unit leaders, to ensure that exceptions to established IT policies are evaluated, documented, and addressed appropriately.

Key Responsibilities:

• Conduct Policy Exception Evaluations responsible for the processing IT exclusions to policies and standards.
• Review deviation from IT industry security practices through the Information Security Exception Review.
• Comprehensive explanation, justification and description as to why the exception is being requested.
• Log discussions, findings discovered and any other relevant details.
• Review and assess requests for exceptions to IT policies, standards, and procedures.
• Analyze the potential risks associated and weigh them against business needs and compliance requirements.
• Assess attack surface and threat vector based on vulnerabilities imposed on assets inherent to software, hardware, and infrastructure.
• Maintain a comprehensive record of all policy exception requests, including details of evaluations, decisions, justifications, and remediation plans. Collaborate with relevant stakeholders to ensure clear communication of the exception status and reasons behind approvals or rejections.
• Create a plan of action or milestones to track progress of remediation.
• Document any pertinent information or details on IT risks, threats and vulnerabilities associated with information systems.
• Ensure compliance adherence that all IT policy exception processes align with relevant regulations, industry standards, and internal policies.
• Regularly assess and update the policy exception handling procedures to address emerging challenges and changes in regulations.
• Ensures quality methods and procedures are documented for assets part of audit related requirements such as SOX, PCI DSS, and SWIFT.
• Identify potential security and operational risks resulting from approved policy exceptions and work with relevant teams to mitigate these risks effectively.
• Provide details regarding the incident response monitoring or compensating controls that will be used to offset the risk.
• Leverages various processes, tools, and strategies of identifying, evaluating, treating, and reporting on security vulnerabilities
• Identifying vulnerabilities and flaws that can be exploited in systems, networks, and applications

Key Accountabilities

• Communicate well with multiple parties. Responsible for liaising extensively with internal Raymond James teams, external vendors, third parties, regulators, and anyone else related to the testing work at hand.
• Manage their time effectively.
• Maintain thorough documentation of processes and procedures
• Maintain report of completed assignments and completion progress
• Meet weekly with UMRF Venturer management
• Ensure RJ/UMRF Ventures internal and external departmental communication procedures are followed
• Follow UMRF Ventures and Raymond James guidelines and policies.

Skills & Knowledge

• Excellent communication skills

• Effective time management

• Detailed oriented

• Required: Experience with ServiceNow, Excel, SOX, PCI DSS, and SWIFT

Qualifications and Education Requirements

• Preference: UMRFV Raymond James departmental experience or knowledge and familiar with RJ systems

• Performance metrics and work ethics must be exemplary

• Preferred: STEM related curriculum / major