Job description
Overall Job Summary
The IT Risk Sr. Analyst will support all IT Risk functions to meet the strategic goals of our IT Risk program supporting a highly dynamic, fast-paced, and diverse organization. Reporting to the Manager of IT Risk, you will design and implement IT Risk policies and procedures supporting a scalable approach to risk mitigation during rapid IT service delivery. Key to your success is blending business insight with knowledge of IT services delivery to minimize risk while supporting the growth of digital services at TSC.
Essential Duties and Responsibilities (Min 5%)
- Design, implement and measure an IT Risk Management program that follows a standards-based framework.
- Create and mature IT risk procedures that enforce company policies and standards.
- Manage a formal IT risk analysis and assessment system to minimize risk to critical information systems and data.
- Develop and provide IT and risk materials to fulfill audit, compliance, and regulatory requests.
- Ensure adequate and timely resolutions to audit findings relating to IT, Information Security and Privacy.
- Conduct third-party risk assessments, make risk recommendations, and communicate results to business, technology, and legal partners.
- Develop IT risk success criteria and performance metrics for IT operational procedures.
- Provide guidance on security/privacy policies and standards development.
- Develop and implement action plans to address risk and security issues during development, integration, and deployment of technology solutions.
- Assist with the oversight of IT risk and security controls within cloud environments.
- Assist with the delivery of IT risk, security, and privacy services to the company.
- Assist with managing the Security Awareness Program for the company.
Qualifications
High Demand IT Specialized Skills
Platform Knowledge
Preferred knowledge, skills or abilities
- Hands-on experience managing IT risk management programs using NIST, FAIR, ISO, or other relevant IT control frameworks
- Experience with PCI, SOX, IT General Controls, change management, data privacy, CCPA, third-party risk management, identity and access management, cloud security, IaaS, PaaS, SaaS
- Strong analytical, problem-solving, project management, and planning skills
- Strong negotiation/mediation skills
- Mentorship, collaborative skills, and ability to work well within a team
- Ability to work with and influence senior management
- Ability to work in a fast-paced and deadline-oriented environment
- Self-motivated with attention to detail, deadlines, and reporting
- Experience with IT GRC related tools: ZenGRC, ServiceNow and OneTrust. Audit Command Language (ACL) and integration experience is preferred.
- Experience in Retail, Big 4 IT Audit, Internal IT Audit, and Security Consulting is preferred.
Working Conditions
- Hybrid / Flexible working conditions
Physical Requirements
- Sitting
- Standing (not walking)
- Walking
- Lifting up to 10 pounds
Disclaimer
This job description represents an overview of the responsibilities for the above-referenced position. It is not intended to represent a comprehensive list of responsibilities. A team member should perform all duties as assigned by his/her supervisor.