At BBH we value diverse backgrounds, so if your experience looks a little different from what we've outlined and you think you can bring value to the role, we will still welcome your application!
What You Can Expect At BBH
If you join BBH you will find a collaborative environment that enables you to step outside your role to add value wherever you can. You will have direct access to clients, information and experts across all business areas around the world. BBH will provide you with opportunities to grow your expertise, take on new challenges, and reinvent yourself—without leaving the firm. We encourage a culture of inclusion that values each employee’s unique perspective. We provide a high-quality benefits program emphasizing good health, financial security, and peace of mind. Ultimately we want you to have rewarding work with the flexibility to enjoy personal and family experiences at every career stage. Our BBH Cares program offers volunteer opportunities to give back to your community and help transform the lives of others.
Join us as a Sr. IT Risk Assurance Analyst
The Senior IT Risk Governance Analyst leads the Cyber Risk Assessment (CRA) and NYDFS programs, while supporting the SOC 2 and Risk and Control Self-Assessment (RCSA) programs for BBH. In this role, you’ll advise key stakeholders to ensure the risk assurance process flows smoothly end-to-end within your area of responsibility. Additionally, you’ll interpret detailed technical standards and regulations, comparing them to actual practices, including analyzing audit or policy compliance reports.
Key Responsibilities Include
Cyber & Technology Risk Assurance Program
- Lead and execute the annual CRA in accordance with industry best practices.
- Lead and perform ongoing monitoring and assessments to facilitate the NYDFS regulatory program.
- Execute and facilitate SOC 2 for technical and non-technical controls.
- Actively participate in and champion the RCSA program in accordance with the Enterprise Risk Management requirements.
- Work closely with IT and other control areas to ensure the initial design and enhancement of IT products, processes and best practices are in line with the risk profile of the Firm.
- Apply risk management processes to identify risk findings, enable control evaluation, recommend solutions, validate remediation plans, facilitate implementation and residual risk acceptance.
- Support and develop metrics and measurement systems that identify weaknesses in controls and drive remediation.
- Measure progress of IT control improvements, based on business value and risk mitigation through KPIs and KRIs.
- Lead and coordinate risk mitigation projects, as needed.
Incident Management and Analysis
- Track, compile, and review materials for external and internal IT audit/regulatory and compliance incidents.
- Support investigations and accurately report the details of data privacy and fraud incidents as well as track related remediation activity. Reporting includes the ability to inquire and communicate to varying audiences the discovery, triage, containment, scope, remediation, and long-term prevention of events.
Management Reporting and Communication
- Effectively communicate with IT and lines of business to ensure that the IT-related policies, standards, and procedures are implemented as required by the firm.
- Deliver and enhance management-level reports on the progress and state of the Cyber & Technology Risk Governance program and initiatives.
Qualifications
- Bachelor’s degree or equivalent work experience/specialized training required.
- 7-10+ years of relevant IT work experience which may include Information Security, cybersecurity, IT enterprise architecture, IT assurance and/or IT governance, risk, and compliance areas.
- 5+ years of experience in the financial services industry.
- Hands-on experience or working knowledge in multiple technical and security domains: IAM, firewall, network, secure solution design, VPN, encryption, vulnerability & code review, Windows/Unix/Linux server security, SSO, MFA, industry security framework and standards, various protocols (e.g., TCP/IP, UDP, MPLS, SSL/TLS, SSH, HTTPS, FTP, RDP, ICA, BGP, LDAP, etc.).
- Strong working knowledge of IT-related regulatory requirements such as NYDFS Part 500 and industry frameworks including ITIL, FFIEC, COBIT, ISO, and NIST CSF 2.0.
- CISSP, CISM, CISA, CRISC preferred.
- Certification or working knowledge of GRC tools such as Archer.
- Strong awareness of the current IT security threat landscape.
- Ability to give presentations at all levels of management.
- Self-starter with attention to detail who believes in continuous learning and improvement in all areas.
- Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity, and rapid change.
- Must be able to work independently and with minimal direct supervision.
- Strong ability to communicate technical information to non-technical team members.
- Excellent collaboration and influencing skills.
- Strong analytical and writing skills, with the ability to clearly present and articulate ideas.
- Highly motivated and proactive, with demonstrated initiative, problem-solving abilities, and a drive to propose solutions.
This role can be based in either our Jersey City or Boston locations and will be a hybrid role, with three days in office.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, age, genetic information, creed, marital status, sexual orientation, gender identity, disability status, protected veteran status, or any other protected status under federal, state or local law.
Salary Range
Jersey City: $110k-$150k base salary + annual bonus target
BBH’s compensation program includes base salary, discretionary bonuses, and profit-sharing. The anticipated base salary range(s) shown above are only for the indicated location(s) and may differ in other locations due to cost of living and labor considerations. Base salaries may vary based on factors such as skill, experience and qualification for the role. BBH's total rewards package recognizes your contributions with more than just a paycheck, providing you with benefits that enhance your experience at BBH. From long-term savings, healthcare, and income protection to professional development opportunities and time off, our programs support your overall well-being.