ATR International
IT Risk & Compliance (ITRC) Analyst
ATR International, San Francisco, California, United States, 94199
Job Description:
This role supports the ITRC goal to ensure that risks inherent to technology systems and data are managed within the Bank’s risk appetite. The ITRC Analyst is responsible for monitoring, reporting, and executing risk management activities in areas such as technology deployments, vulnerability assessments, third-party access to non-public data, and information security to protect against current or emerging threats to the Bank. Additionally, this role partners with key stakeholders to ensure compliance with IS and IT frameworks.
Primary Responsibilities:
Conduct readiness assessments, including reviews of relevant documentation in advance of audits, 2LOD assessments, and external assessments.
Maintain the inventory of SOX IT General Controls (ITGC) and control tests in ServiceNow, updating as directed, and identify opportunities for improvements in reporting and automation.
Act as liaison between control owners, internal auditors, and 2LOD assessors during audits and assessments, supporting control owners in the timely submission of artifacts.
Map key Information Security and Technology controls identified in policies, standards, and process documents to industry frameworks such as NIST CSF, NIST 800-53, CSA CCM, CIS v8.1, and regulatory requirements in FHFA Advisory Bulletins.
Identify and document technology processes.
Manage the LogicGate Governance Library to ensure Information Security and Technology documents align with approval and publication requirements, utilizing automated reminders and active engagement with document owners.
Maintain ITRC document archives in the shared repository.
Report status on open findings, observations, recommendations, and self-identified issues regularly, and submit formal audit observation closure documentation.
Document and report the progress and value of in-flight ITRC initiatives, risks, and planned activities as directed by the ITRC MD.
Review requests for deviations from policies and standards, confirming compliance with Technology Exception requirements, including risk assessment and documentation of exception rationale.
Participate in the Architecture Assessment Review process, documenting decisions, tracking deliverables, and ensuring completion of next steps for new or changed technologies.
Support team members in conducting third-party security risk assessments for existing or proposed third-party technologies.
Requirements:
Skills / Knowledge:
Customer Focus, Decision Quality, Accountability, Results-Driven, Engagement, Collaboration, Values Differences, Effective Communication, Trust Building
3-5 years of experience in technology risk or IT audit
Knowledge of technology frameworks such as CIS v8.1, CSA CCM, COBIT, NIST, ITIL
Understanding of Operational and Technology Risk Management
Ability to promote teamwork, act as a change agent, and lead by example
Familiarity with SOX ITGC
Proficiency in Microsoft Office and SharePoint
Strong communication skills across organizational levels
Project management and problem-solving skills, preferably with Atlassian JIRA
Analytical and report writing skills
Proactive with the ability to meet deadlines
Experience with GRC tools like ServiceNow and LogicGate is highly desirable
Ability to learn and use ProcessUnity / CyberGRX platforms
Criteria:
2-3 years supporting operational and technology risk management activities for Information Security and Technology.