Technology Risk Analyst


: $109,323.33 - $170,130.00 /year *

Employment Type

: Full-Time


: Financial Services - Banking/Investment/Finance

Loading some great jobs for you...

Serve the people who serve the world by joining a dynamic organization dedicated to enriching the lives of its members, who in turn are dedicated to maintaining international peace and security. Positon includes analyzing both internal and external risks related to technology and understanding the potential impact in delivering on our mission, vision, and core values. Analysis entails obtaining an interconnected enterprise understanding of risks and in recommending response strategies to risks such as financials, competition, internal controls, analytics, modelling, protecting, and ensuring the privacy of member s information globally. Requires independence in performing oversight of the organization s risks related to technology, which are embedded throughout the organization and with third parties.

The Enterprise Risk Management (ERM) department welcomes bold and diverse thinking. It is not part of the Technology department which houses IT, Engineering, and Information Security. Rather, ERM is an oversight function whose purpose is to ensure that risks are not taken within the organization that will jeopardize delivering on our Strategy, Mission, Vision, and Core values.
Develop and manage an ongoing technology risk program as part of the overall ERM Program with the purpose of providing assurance that enterprise wide technology risks (includes information security risk) are effectively managed (e.g. identifying, measuring, mitigating, monitoring, reporting) and within risk appetite.
Provide knowledge, oversight, and challenge of interdependent technology and business risks related to items such as business continuity planning, disaster recovery, security controls, infrastructure, data management, project management, new systems/technologies, financial risks, and third-party risk management.
Provide risk oversight of technology activities such as determining whether existing information security controls are effective. Furthermore, risk oversight includes providing challenge and collaborating closely with Information Technology (IT) and Information Security (IS) personnel in understanding and developing effective risk management practices.
Perform independent risk identification and development of monitoring reports on IT, IS, third-party risk, etc. This also entails reviewing existing reporting and data to explain trends, exceptions, and to identify emerging technology risks and issues.
Develop risk measures/dashboards that measure risk and effectiveness of the technology risk program.
Facilitate administration and integration of risk data on a Governance, Risk, and Compliance system.
Assess adequacy of existing controls; determine and propose new appropriate controls for technology-related risks.
Maintain a good understanding of the structures and main activities of the ERM Department and how it supports the needs of the organization and its members.
Bachelor's degree (or Associate s degree with requisite experience) with majors or minors in any of the following: Computer Science, Languages, Literature, Information Science, Engineering, Information Systems, or related fields, coupled with related work experience supporting the delivery or improvement of IT services and systems
Technologist with more than 2 years in IT and IS related work is preferred, i.e. experience in technology field, including IT control environments or comparable experience working in roles such as technology startups, or as a consultant in a professional services firm delivering IT advisory services
Experience in planning complex projects, influencing product design and balancing business vs. technology benefits during all phases of a project lifecycle
Familiarity with IT governance and controls, including governance frameworks, COBIT, FFIEC, COSO, ISO-31000, NIST, ISO, BITS, etc.
Experience in process improvements and ability to drive results across multi-disciplinary teams

Experience with IT and IS regulatory requirements is preferred
Ability to dive into unstructured data and produce actionable insights
Demonstrated in-depth technical capabilities and practical knowledge of technological concepts
Experience and familiarity with the following competencies are recommended:
IT systems integration
Technical delivery and agile transformation
IT transformation/complex program management
Program/portfolio architecture
Business and IT alignment
IT organizational change management
IT cost optimization and budget/financial and enterprise resource management
IT service/delivery management, including shared services.
Ability to understand IT business processes, management objectives, risk appetite and tolerances and impact of changes to risk profiles

Excellent verbal, written and interpersonal communication skills, facilitation and consensus-building skills and a high degree of personal initiative and attention to detail
Conceptual and practical thinking and implementation skills
Demonstrated relationship-building skills, with a superior ability to make things happen through the use of positive influence
Ability to work effectively in a small team while developing and maintaining strong working relationships with all levels across the organization
Ability to adapt, pivot, and handle multiple tasks simultaneously and meet established deadlines or changing priorities
Ability to independently plan, coordinate, and manage workload. Maintains an awareness of workload not directly under their control and demonstrates flexibility in making most effective use of resources to achieve objectives
Curious with analytical, influencing, problem solving, and negotiation skills
Strong self-management, sense of ownership, and organization skills
Ability to employ project management techniques to support and/or undertake projects recognizing and planning for particular areas of uncertainty
Motivated in learning new technologies and in identifying process improvements and efficiencies
Sound judgment when presented with difficult decisions, especially when only partial information is available
Can take initiative in a dynamic environment and is eager to learn and grow
Critical thinker with the ability to discern areas of risk, trends, and patterns
Has a risk management mindset, with the ability to challenge the status quo
Ability to learn quickly, connect the dots with a strong track record of developing idea from concept to deployment and delivering win-win solutions for the business
Can display positivity, kindness, and humility
Value creativity, out-of-the-box thinking, and problem solving

Standard office conditions

In addition to any specific job requirements in connection with Bank Secrecy Act and/or OFAC (BSA), employee must (i) be aware of BSA matters commensurate with the position; (ii) report any suspicious activity to the manager or compliance department; and (iii) satisfactorily complete any required BSA training.
Associated topics: business analytic, business finance, business intelligence, consult, financial analytic, financial reporting analyst, guidance, legal, strategy, valuation analyst * The salary listed in the header is an estimate based on salary data for similar jobs in the same area. Salary or compensation data found in the job description is accurate.

Launch your career - Create your profile now!

Create your Profile

Loading some great jobs for you...