Currently seeking an experienced IT and Security Risk Analyst to strengthen the IT Risk Management (ITRM) team. The ideal candidate will have 3-5 years of experience in IT and cybersecurity, with a proven track record of identifying, assessing, and mitigating risk. This role involves working closely with various departments to ensure that technology and data assets are protected against internal and external threats. The candidate will be a key player in enhancing the security posture and maintaining compliance with relevant regulations and standards.
The Risk Analyst will perform a variety of tasks to accomplish the objectives of the IT Risk Management (ITRM) program, including but not limited to the evaluation of IT and security risks. The Risk Analyst will work alongside ITRM staff to assess risk, confirm the overall residual risk level, and communicate the results to management and stakeholders for review. In addition, the Risk Analyst will lead discussions with corporate department representatives to understand risk-related issues and determine feasibility of remediation plans, document responses, and track mitigation plans.
Duties
- Conduct in-depth risk assessments and analyses to identify potential vulnerabilities and/or threats to the organization's IT infrastructure and data assets
- Develop, recommend, and implement strategies and plans to help mitigate identified risks, including technological solutions and policy improvements
- Work with the business units and/or business departments to integrate risk management practices into daily operations and project planning
- Lead the discussions of IT risks with corporate department representatives, information resource owners, business units
- Manage, operationalize, and participate in program activities associated with, but not limited to:
  o Tracking, completion, and reporting of IT and security risk remediation plans
  o Oversight of the Application Risk Profile (ARP) remediation plans
  o Review of risk-related issues
- Facilitate the review and risk evaluation of new or existing information resources or technology related services
- Develop and manage a mechanism for the reporting of the various risk and control indicators
- Support the development, implementation and maintenance of risk assessment frameworks
- Stay informed of emerging security threats, technologies, and trends to adapt and improve the organization's risk management capabilities
- Prepare reports and presentations on a timely basis
- Continuous communication and teamwork with other departments in FNF and its subsidiaries
- Other ITRM duties as assigned
Education
Bachelor's Degree in a technology related field or business administration, accounting, finance, or related field augmented by industry related training programs and supported by work experience.
Experience
- Security related certifications such as: CISA, CISSP, CISM, CRISC, or Security+
- Experience with GRC related software
- Familiar with SOC2 or Trust Services Principles
- Familiar with Unified Compliance Framework
Additional Information
REQUIREMENTS:
- 3-5 years of relevant experience in IT and security risk analysis
- Strong knowledge of cybersecurity frameworks, risk management processes, and compliance requirements, such as COBIT, NIST CSF, Cloud Controls Matrix, CIS CSC, ITIL, ISO 27001
- Strong understanding of IT and security risks, processes, and controls and ability to converse at a technical level
- Demonstrate the ability to plan, schedule, and coordinate work, and able to maintain high levels of confidentiality and professionalism
- Proven ability to work independently and cross-functionally
- Self-starter with proven track record of execution and results
- Great business judgment, ability to influence others and strong analytical thinking
- Ability to prepare presentations, status reports, process narratives and workflow diagrams
- Excellent written and oral communication skills

Employment Type: FULL_TIME