Software Guidance & Assistance, Inc. (SGA) is searching for an IT Controls & Risk Framework Analyst for a CONTRACT assignment with one of our premier Financial Services clients in lower Manhattan, NYC. He or she will need to work in the office 1-2 days / week.
The ideal candidate will possess technical knowledge of various technology domains, a good understanding of risk methodologies, and some experience implementing and maturing control frameworks.
Support the comprehensive mapping of existing and new technology controls using the Common Control Framework (through UCF), ensuring alignment with relevant industry standards, regulations and internal policies.
Help identify gaps and redundancies in current control implementations and propose solutions for optimization and harmonization across various technology platforms and business units.
IT Risk
Provide guidance on risk mitigation strategies, control enhancements, and residual risk acceptance, as required.
Assist in the development and implementation of risk reporting mechanisms to provide actionable insights to management.
Help the senior lead in facilitating workshops and training sessions to foster a strong understanding of control objectives and risk management principles.
Support internal and external audit activities by providing evidence, explanations, and documentation related to control implementations and risk posture.
Minimum of 3+ years of experience in IT risk management, IT audit, information security, or IT compliance roles.
Exposure to various cybersecurity frameworks and regulations (e.g.,
Some understanding of diverse technology domains, including cloud computing, network security, application security, data protection, identity and access management, and infrastructure security.
Strong analytical skills with the ability to dissect complex technical and business processes to identify control points and risk exposures.
A strong, logical, and structured approach to problem-solving.
Excellent written and verbal communication skills, with the ability to articulate complex technical and risk concepts to diverse audiences, including senior leadership.
Ability to work independently with minimal supervision, manage multiple priorities, and deliver high-quality results in a fast-paced environment.
Relevant industry certifications such as CISSP, CISM, CISA, CRISC, AWS / Azure Security Certifications.
Experience within financial institutions, banking or other relevant industry under similar regulatory scrutiny.
We are a women-owned business. Our
Risk Analyst • New York, NY, US