Risk Management Analyst, Senior

The Risk Management Analyst will work within the Operational Risk Management team with responsibilities to support the ongoing execution of Business Continuity Management (BCM) and Third-Party Risk Management (TPRM) program operations.

The Risk Management Analyst will help to understand, formalize, and act upon Information Technology risk management strategies that adhere to the adopted corporate best practices and standards of SOC 2, PCI-DSS, NIST CSF, and similar frameworks.

The Risk Management Analyst will work with stakeholders to gather, track, and assess risk information within Blackbaud’s managed infrastructure including the third-party ecosystem.

The Risk Management Analyst will help to develop and facilitate plans that strengthen Blackbaud’s ability to respond, recover, and sustain operations from various potential threats.

The Risk Management Analyst will work to advance the effectiveness of operational risk programs and proactively identify new strategies that will contribute to the successes of these programs at Blackbaud.

The Risk Management Analyst will produce recurring reports that serve to identify key success factors of operations and potential gaps where risks, threats, and / or vulnerabilities may further develop.

Responsibilities :

Lead, maintain, and support Operational Risk Management program activities.

Develop, maintain, and perform cross-functional business continuity scopes of work including an annual Business Impact Analysis (BIA) assessment.

Advance maturity of BCM program by maintaining existing operations, identifying opportunities for new value-added functions, and deploying strategies to improve capabilities.

Execute inherent and residual risk assessments of third-party service engagements and for changes in services from existing engagements at time of renewal or when added services are being procured.

Ensure proper due diligence for supply chain relationships which have been terminated or have expired.

Responsible for supporting TPRM program’s adherence to regulatory standards including PCI DSS, GDPR, HIPAA, TX-RAMP, and the NIST 800-53 Cybersecurity Framework (CSF).

Partner and collaborate with internal teams to understand, evaluate, and contribute to the improvement of their managed risk controls, including participation in risk committees.

Support the reduction of Blackbaud’s collective risk posture by advancing program operations while mitigating identified risks, threats, and vulnerabilities.

Assist enterprise risk governance operations to ensure regulatory, legal, and contractual obligations to stakeholders are in place and operating effectively.

Prepare and present reports and metrics that demonstrate operating effectiveness of program operations in line with desired levels of future risk tolerance.

Assist in customer and auditor requests for information regarding program operations.

Continually participate in learning opportunities to advance understanding and capabilities in the field.

Meet work standards by monitoring production, productivity, and identifying work process improvements.

Requirements :

2-3 years experience in Risk, Security, or Compliance position.

2-3 years leading project operations and managing collaboration efforts internally and externally.

2-3 years experience working for a company in a regulated technology, software, healthcare, or financial services sector.

Must have experience leading project activities independently, be solution-focused and results-oriented with excellent communication skills.

Familiarity with PCI DSS, SSAE 18, ISO 27001, and NIST frameworks will be key to the success of this role.

Must be proficient in use of SaaS applications and have expertise with Microsoft Excel and PowerPoint.

Advanced skills in SharePoint, OneTrust, Teams, and PowerBI will be strongly considered.

LI-REMOTE

Blackbaud is a remote-first company which embraces a flexible remote work culture. Blackbaud supports hiring and career development for all roles from the location you are in today!