25 days old

Technology Risk Analyst

LIC - HQ
Long Island City, NY 11101
  • Job Code
    118840261

Overview

Serve the people who serve the world by joining a dynamic organization dedicated to enriching the lives of its members, who in turn are dedicated to maintaining international peace and security. Positon includes analyzing both internal and external risks related to technology and understanding the potential impact in delivering on our mission, vision, and core values. Analysis entails obtaining an interconnected enterprise understanding of risks and in recommending response strategies to risks such as financials, competition, internal controls, analytics, modelling, protecting, and ensuring the privacy of member’s information globally. Requires independence in performing oversight of the organization’s risks related to technology, which are embedded throughout the organization and with third parties.

The Enterprise Risk Management (ERM) department welcomes bold and diverse thinking. It is not part of the Technology department which houses IT, Engineering, and Information Security. Rather, ERM is an oversight function whose purpose is to ensure that risks are not taken within the organization that will jeopardize delivering on our Strategy, Mission, Vision, and Core values.



Responsibilities

  • Develop and manage an ongoing technology risk program as part of the overall ERM Program with the purpose of providing assurance that enterprise wide technology risks (includes information security risk) are effectively managed (e.g. identifying, measuring, mitigating, monitoring, reporting) and within risk appetite.
  • Provide knowledge, oversight, and challenge of interdependent technology and business risks related to items such as business continuity planning, disaster recovery, security controls, infrastructure, data management, project management, new systems/technologies, financial risks, and third-party risk management.
  • Provide risk oversight of technology activities such as determining whether existing information security controls are effective. Furthermore, risk oversight includes providing challenge and collaborating closely with Information Technology (IT) and Information Security (IS) personnel in understanding and developing effective risk management practices.
  • Perform independent risk identification and development of monitoring reports on IT, IS, third-party risk, etc. This also entails reviewing existing reporting and data to explain trends, exceptions, and to identify emerging technology risks and issues.
  • Develop risk measures/dashboards that measure risk and effectiveness of the technology risk program.
  • Facilitate administration and integration of risk data on a Governance, Risk, and Compliance system.
  • Assess adequacy of existing controls; determine and propose new appropriate controls for technology-related risks.
  • Maintain a good understanding of the structures and main activities of the ERM Department and how it supports the needs of the organization and its members.
  • <br /><b>Overview</b><br/><br /><p style="margin: 0in; margin-bottom: .0001pt;"><span style="font-size: 10pt; font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in;"><span style="border: 1pt none windowtext; padding: 0in;">Serve the people who serve the world by joining a dynamic organization dedicated to enriching the lives of its members, who in turn are dedicated to maintaining international peace and security. </span>Positon includes analyzing both internal and external risks related to technology and understanding the potential impact in delivering on our mission, vision, and core values. Analysis entails obtaining an interconnected enterprise understanding of risks and in recommending response strategies to risks such as financials, competition, internal controls, analytics, modelling, protecting, and ensuring the privacy of members information globally. Requires independence in performing oversight of the organizations risks related to technology, which are embedded throughout the organization and with third parties.</span></p><p style="margin: 0in; margin-bottom: .0001pt;"> </p><p style="margin: 0in; margin-bottom: .0001pt;"><span style="font-size: 10pt; font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in;"><span style="border: 1pt none windowtext; padding: 0in;">The Enterprise Risk Management (ERM) department welcomes bold and diverse thinking. It is not part of the Technology department which houses IT, Engineering, and Information Security. Rather, ERM is an oversight function whose purpose is to ensure that risks are not taken within the organization that will jeopardize delivering on our Strategy, Mission, Vision, and Core values. </span></span></p><br /><br /><b>Responsibilities</b><br/><br <ul><li><span style="font-size: 10pt; font-family: arial, helvetica, sans-serif;">Develop and manage an ongoing technology risk program as part of the overall ERM Program with the purpose of providing assurance that enterprise wide technology risks (includes information security risk) are effectively managed (e.g. identifying, measuring, mitigating, monitoring, reporting) and within risk appetite.</span></li><li><span style="font-size: 10pt; font-family: arial, helvetica, sans-serif;">Provide knowledge, oversight, and challenge of interdependent technology and business risks related to items such as business continuity planning, disaster recovery, security controls, infrastructure, data management, project management, new systems/technologies, financial risks, and third-party risk management.</span></li><li><span style="font-size: 10pt; font-family: arial, helvetica, sans-serif;">Provide risk oversight of technology activities such as determining whether existing information security controls are effective. Furthermore, risk oversight includes providing challenge and collaborating closely with Information Technology (IT) and Information Security (IS) personnel in understanding and developing effective risk management practices.</span></li><li><span style="font-size: 10pt; font-family: arial, helvetica, sans-serif;">Perform independent risk identification and development of monitoring reports on IT, IS, third-party risk, etc. This also entails reviewing existing reporting and data to explain trends, exceptions, and to identify emerging technology risks and issues. </span></li><li><span style="font-size: 10pt; font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in;">Develop risk measures/dashboards that measure risk and effectiveness of the technology risk program. </span></li><li><span style="font-size: 10pt; font-family: arial, helvetica, sans-serif;">Facilitate administration and integration of risk data on a Governance, Risk, and Compliance system.</span></li><li><span style="font-size: 10pt; font-family: arial, helvetica, sans-serif;">Assess adequacy of existing controls; determine and propose new appropriate controls for technology-related risks.</span></li><li><span style="font-family: Arial, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;"><span style="font-family: arial, helvetica, sans-serif;">Maintain a good understanding of the structures and main activities of the ERM Department and how it supports the needs of the organization and its members.</span> </span></li></ul> <img src="https://analytics.click2apply.net/v/eorAjMINNJbmujxYhdNjl"> <br/><br/><br /><b>Qualifications</b><br/><br /><p style="margin: 0px;"><span style="font-family: arial, helvetica, sans-serif; font-size: 10pt;"><strong>TYPE & AMOUNT OF EXPERIENCE:</strong></span></p><ul><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Bachelor's degree (or Associates degree with requisite experience) with majors or minors in any of the following: Computer Science, Languages, Literature, Information Science, Engineering, Information Systems, or related fields, coupled with related work experience supporting the delivery or improvement of IT services and systems </span></li><li><span style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">Technologist with more than 2 years in IT and IS related work is preferred, i.e. experience in technology field, including IT control environments or<span style="border: none windowtext 1.0pt; padding: 0in;"> comparable experience working in roles such as technology startups, or as a consultant in a professional services firm delivering IT advisory services</span></span></li><li><span style="font-size: 10pt; font-family: arial, helvetica, sans-serif;">Experience in planning complex projects, influencing product design and balancing business vs. technology benefits during all phases of a project lifecycle</span></li><li><span style="font-family: arial, helvetica, sans-serif; font-size: 10pt;"><span style="border: 1pt none windowtext; padding: 0in;">Familiarity with IT governance and controls, including governance frameworks, COBIT, FFIEC, COSO, ISO-31000, </span><span style="border: 1pt none windowtext; padding: 0in;">NIST, ISO, BITS, etc.</span></span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Experience in process improvements and ability to drive results across multi-disciplinary teams</span></li></ul><p style="margin-left: .75in;"><span style="font-family: arial, helvetica, sans-serif; font-size: 10pt;"> </span></p><p style="margin: 0px;"><span style="font-family: arial, helvetica, sans-serif; font-size: 10pt;"><strong>TECHNICAL COMPETENCIES:</strong></span></p><ul><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Experience with IT and IS regulatory requirements is preferred </span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Ability to dive into unstructured data and produce actionable insights</span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Demonstrated in-depth technical capabilities and practical knowledge of technological concepts </span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Experience and familiarity with the following competencies are recommended:</span></li><ul style="margin-top: 0in;"><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">IT systems integration </span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Technical delivery and agile transformation</span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">IT transformation/complex program management</span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Program/portfolio architecture</span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Business and IT alignment</span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">IT organizational change management</span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">IT cost optimization and budget/financial and enterprise resource management</span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">IT service/delivery management, including shared services.</span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Ability to understand IT business processes, management objectives, risk appetite and tolerances and impact of changes to risk profiles</span></li></ul></ul><p style="margin-left: .75in;"><span style="font-family: arial, helvetica, sans-serif; font-size: 10pt;"> </span></p><p style="margin: 0px;"><span style="font-family: arial, helvetica, sans-serif; font-size: 10pt;"><strong>BEHAVIORAL COMPETENCIES:</strong></span></p><ul><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Excellent verbal, written and interpersonal communication skills, facilitation and consensus-building skills and a high degree of personal initiative and attention to detail</span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Conceptual and practical thinking and implementation skills</span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Demonstrated relationship-building skills, with a superior ability to make things happen through the use of positive influence </span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Ability to work effectively in a small team while developing and maintaining strong working relationships with all levels across the organization</span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Ability to adapt, pivot, and handle multiple tasks simultaneously and meet established deadlines or changing priorities</span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Ability to independently plan, coordinate, and manage workload. Maintains an awareness of workload not directly under their control and demonstrates flexibility in making most effective use of resources to achieve objectives</span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Curious with analytical, influencing, problem solving, and negotiation skills</span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Strong self-management, sense of ownership, and organization skills </span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Ability to employ project management techniques to support and/or undertake projects recognizing and planning for particular areas of uncertainty</span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Motivated in learning new technologies and in identifying process improvements and efficiencies</span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Sound judgment when presented with difficult decisions, especially when only partial information is available</span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Can take initiative in a dynamic environment and is eager to learn and grow</span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Critical thinker with the ability to discern areas of risk, trends, and patterns</span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Has a risk management mindset, with the ability to challenge the status quo</span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Ability to learn quickly, connect the dots with a strong track record of developing idea from concept to deployment and delivering win-win solutions for the business </span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Can display positivity, kindness, and humility </span></li><li><span style="font-family: arial, helvetica, sans-serif; border: 1pt none windowtext; padding: 0in; font-size: 10pt;">Value creativity, out-of-the-box thinking, and problem solving</span></li></ul><p style="margin: 0px;"><span style="font-family: arial, helvetica, sans-serif; font-size: 10pt;"> </span></p><p style="margin: 0px;"><span style="font-family: arial, helvetica, sans-serif; font-size: 10pt;"><strong>WORK ENVIRONMENT/CONDITIONS:</strong></span></p><ul><li><span style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">Standard office conditions</span></li></ul><p style="margin: 0px;"><span style="font-size: 10pt; font-family: arial, helvetica, sans-serif;"> </span></p><p style="margin: 0px;"><span style="font-family: arial, helvetica, sans-serif; font-size: 10pt;"><em><span style="color: red;">In addition to any specific job requirements in connection with Bank Secrecy Act and/or OFAC (BSA), employee must (i) be aware of BSA matters commensurate with the position; (ii) report any suspicious activity to the manager or compliance department; and (iii) satisfactorily complete any required BSA training.</span></em></span></p><p>PI118840261</p>

    Categories

    Posted: 2020-03-07 Expires: 2020-04-07

    Before you go...

    Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

    Share this job:

    Technology Risk Analyst

    LIC - HQ
    Long Island City, NY 11101

    Join us to start saving your Favorite Jobs!

    Sign In Create Account
    Powered ByCareerCast