The primary focus of this position is to ensure the integrity, confidentiality, and availability of data through effective risk management practices. This includes writing, logging, and maintaining risk exceptions in a risk registry, implementing and monitoring data loss protection strategies, generating comprehensive risk reports, and ensuring compliance with IT regulatory standards. The IT Risk Analyst works closely with various stakeholders to develop and implement risk mitigation strategies, contributing to the overall security posture and regulatory compliance of the organization.
Key Accountabilities/Deliverables:
Third Party Risk Management:
- Conduct risk assessments on third-party vendors and partners to identify potential IT security risks.
- Collaborate with procurement, legal, and other relevant departments to ensure third-party vendors comply with organizational IT security policies.
- Monitor and track vendor risk issues, ensuring timely resolution and compliance with agreed-upon controls.
Risk Exception Management:
- Write, log, and maintain risk exceptions in the risk registry.
- Review and analyze risk exceptions to determine the potential impact on the organization.
- Work with stakeholders to develop mitigation strategies for identified risks.
- Ensure all risk exceptions are documented, tracked, and reported accurately.
Data Loss Protection (DLP):
- Implement and maintain data loss protection policies and tools.
- Monitor and respond to DLP incidents to prevent data breaches.
- Analyze DLP events and work with IT teams to strengthen controls and reduce false positives.
Risk Reporting:
- Develop and maintain regular risk reports for senior management, including insights into emerging risks and trends.
- Communicate risk assessment findings to stakeholders, providing clear recommendations for risk mitigation.
- Maintain up-to-date records of risk management activities in accordance with organizational policies.
Regulatory Compliance:
- Ensure compliance with IT regulatory requirements, including data protection laws, industry standards, and internal policies.
- Stay updated on regulatory changes that may impact the organization’s IT risk posture.
- Assist in audits and regulatory assessments by providing necessary documentation and evidence of compliance.
Technical Knowledge and Understanding:
- Understanding of Microsoft Purview, Sentinel, and Defender.
- Understanding of risk management and assessment principles.
- Understanding of Power BI and other reporting platforms.
Experience:
- Bachelor’s degree in Information Technology, Cybersecurity, Risk Management, or a related field.
- IT Risk experience preferred but not required.
Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment visa for this position.
At Core Specialty, you will receive a competitive salary and opportunities for professional development and advancement. We offer medical, dental, vision, and life insurance; short- and long-term disability; a Company match of 100% of a 6% contribution to a 401(k) plan; an Employee Assistance Plan; Health Savings Account, Flexible Spending Account, and Health Reimbursement Account; and a wellness program.