Lead It Risk Analyst

The Lead Information Technology Risk Analyst is the lead analyst for risk assessment and focuses their efforts on risk, mitigation, reporting and campus support of the IT risk strategy and mission of the Information Security Office (ISO).  

As a member of the ISO team, this role provides leadership in supporting the mitigation of risk to Princeton University by significantly contributing to the development of processes, providing expert guidance to University staff, identifying and utilizing technology that assess, track, and mitigate deviations from best practices in IT risk.  

As the Lead Information Technology Risk Analyst, you will be responsible for conducting and maintaining campus-wide risk assessments, creating and monitoring risk mitigation and compliance tasks, and providing written, remote, or in-person support. This position will focus on monitoring risk levels of the campus and individual departments as well as assisting to educate the campus community on continuous risk assessment. To fulfill this role, the individual will use modules in the ServiceNow platform for collecting and analyzing assessment survey results. This position also plays a role in identifying training and awareness needs and will assist in preparing supporting documentation.

• Oversee the day-to-day operations of the IT risk assessment team 
• Lead the identification and design of ServiceNow dashboards that enable leadership and the campus community to highlight and mitigate risks 
• Identify operations and business functions that may require risk mitigation assistance, and plan and deliver solutions to reduce identified risk(s) 
• With a comprehensive understanding of University policies, and information security standards and best practices, provide leadership to the team and campus partners in utilizing the tools, technologies, services, and processes required to protect the University’s information assets 
• Consult with the campus community to ensure adherence to University standardson risk assessment and compliance 
• Build relationships with colleagues across campus to identify and align best practices 
• Research and socialize best practices in higher ed for risk reduction and compliance successes 
  
• Contribute to identifying, developing, and participating in necessary IT risk training 
• Develop a deep understanding of administrative, technical, and operational controls needed for compliance requirements 
• Develop a comprehensive and broad understanding of risk management concepts and their proper application 
• Develop a wide-ranging understanding of information security concepts and salient applications 
• Actively monitor and assist in risk-related service requests 
• Ensure that the University IT risk assessment module is fully maintained and up to date 
• Develop a deep understanding of the NIST Cyber Security Framework (CSF) guidelines and proactively work with stakeholders to determine applicability and mitigation strategies 
• Other duties as assigned in support of the ISO mission
  
• Proactively assess documentation to ensure that it is comprehensive and up to date to meet the ISO and campus risk assessment needs 
• Design, develop, evaluate, and implement risk assessment reports and metrics
  
• Collaborate with the Service Management Office staff to proactively improve the Integrated Risk Management (IRM) module in ServiceNow 
• Provide a deep level of support to the ServiceNow ecosystem, represent the ISO in ServiceNow integration initiatives, and actively work to stay up to date on emerging ServiceNow best practices 

Essential Qualifications

• 7 years of relevant cyber security experience in IT risk, information security, incident response, network security or other area(s) of IT  
• Demonstrated ability to collaborate with colleagues and customers from different levels of the organization and with varied levels of technical understanding 
• Excellent and proven oral and written communications skills 
• Strong time management and multitasking skills as well and attention to detail 
• Experience in supporting, analyzing, managing, communicating, and acting as a primary resource for risk reviews, both new and ongoing 
• Knowledge of Governance, Risk, and Compliance (GRC) and vendor risk management tools 
• Flexible, proactive, and possessing a can-do attitude, with a willingness and enthusiasm for learning new technologies and techniques that support evolving needs 
• Education: Bachelor’s degree or equivalent work experience

Preferred Qualifications

• Experience in higher education  
• Experience with ServiceNow, especially the modules of Security Incident Response and Integrated Risk Management, is highly preferred 
• High-level knowledge of the NIST Cyber Security Framework is a plus 
• Experience converting risk assessments and risk data into actionable mitigation plans and recommendations 
• Comfortable with impromptu tasking and loosely defined requirements 
• Strong collaborative skills and proven ability to work in a diverse team of security professionals 
• Possessing a blend of intellectual curiosity, creativity, persistence, commitment, passion, and optimism, with a continual desire for self-improvement and learning 
• Bachelor’s degree desired, preferably in a technical field such as Computer Science, Information Security, Information Technology, Computer Engineering, Information Systems, etc. 
• Relevant security and risk certifications desired: Security+, CRISC, or similar 

Princeton University is an Equal Opportunity/Affirmative Action Employer and all qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity or expression, national origin, disability status, protected veteran status, or any other characteristic protected by law. KNOW YOUR RIGHTS