Job Description
Overview
The IT Risk Analyst is responsible for assessing and managing technology-related risks across the organization's IT environment. This role focuses on asset-based risk assessment, IT asset inventory management, change management review, and coordination with internal and external audit teams. The analyst will work closely with technology and business stakeholders to ensure that technology risks are identified, documented, monitored, and managed within the organization's risk appetite.
Key Responsibilities
Perform IT asset-based risk assessments to identify threats, evaluate mitigating controls, and assign inherent and residual risk ratings for technology assets.
Administer and maintain the IT asset-based risk assessment tools and processes, ensuring data accuracy and process consistency.
Develop and maintain IT asset inventory reports to define and refine the scope of risk assessments across all technology assets (e.g., in-house software, hardware, hosted applications, third-party services, APIs, and data).
Assist in the development, review, and maintenance of IT risk management policies, standards, and procedures.
Prepare and deliver IT risk assessment reports and status updates for management, committees, and other governance forums.
Partner with subject matter experts across departments to identify, analyze, and assess key risk scenarios, and support stakeholders with risk analysis and reporting.
Recommend appropriate, cost-effective controls or countermeasures to address technology risks that fall outside the organization's risk appetite.
Stay current on emerging threats, vulnerabilities, and industry trends relevant to the organization's technology environment.
Serve as a liaison between IT and internal/external auditors, coordinating and preparing audit documentation requests to ensure accurate and timely responses.
Support the change management process by assisting in the receipt, logging, and initial assessment of change requests, ensuring requests are complete and accurately documented.
Facilitate communication between change requestors, IT teams, and other stakeholders, ensuring adherence to established change management policies and procedures.
Monitor and review outcomes of implemented changes to confirm required documentation is captured and identify opportunities for process improvement.
Build and maintain effective working relationships with internal departments, vendors, and technology teams.
Maintain strong knowledge of the organization's technology assets and evolving IT threats to effectively identify risks and appropriate mitigating controls.
Complete assigned work within established timelines and quality expectations.
Qualifications
Education: Bachelor's degree in Information Systems, Computer Science, Cybersecurity, or a related field, or equivalent experience.
Experience: Minimum of 2 years of experience in Information Systems, IT Risk, Information Security, or a closely related area.
Certifications (Preferred): Professional certifications such as CISA (Certified Information Systems Auditor) and/or CRISC (Certified in Risk and Information Systems Control).
Skills:
Strong understanding of IT systems, infrastructure, and how technical functions relate to business processes.
Solid analytical, problem-solving, and documentation skills.
Effective written and verbal communication skills, with the ability to work across technical and non-technical teams.
Strong organizational and interpersonal skills.
Risk Analyst • Pittsburgh, PA, US