Data, AI and Emerging Technology Risk Principal Analyst

Citizens Bank

$120K — $150K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 7-10 years of experience in IT risk management, information security, or internal audit
  • Deep expertise in control frameworks like CRI Profile, NIST 800-53, and NIST CSF
  • Proven ability to lead risk assessments and regulatory response activities
  • Advanced proficiency with GRC and security monitoring tools
  • Strong executive communication skills for presenting risk findings
  • Ability to operate independently in complex, multi-stakeholder environments

Responsibilities

  • Lead proactive identification and monitoring of technology and cybersecurity risks
  • Execute and oversee complex Risk and Control Self Assessments (RCSAs)
  • Serve as a subject matter expert for technology risk during audits and regulatory inquiries
  • Analyze risk data to identify trends and control gaps, translating into strategic insights
  • Partner with senior leaders to evaluate risks associated with platforms and initiatives
  • Oversee third-party technology risk activities for high-risk service providers
  • Develop and deliver executive-level risk reports and presentations to management

Benefits

  • Hybrid work schedule (4 days onsite, 1 day remote)
  • Opportunities for mentoring and coaching junior analysts
  • Access to continuous improvement and risk management initiatives
  • Collaboration with senior technology and business leaders
Full Job Description
Job Description

Within Enterprise Technology & Security (ETS), the Data, AI and Emerging Technology Risk Principal Analyst drives the strategic identification, assessment, and mitigation of technology-related risks, playing a key role in safeguarding the organization's information assets. This senior individual contributor position operates with significant autonomy, working across technology and business teams to shape risk practices, advance control effectiveness, and ensure alignment with Cybersecurity Risk Institute (CRI) Profile, NIST Cybersecurity Framework, NIST 800-53, and other applicable frameworks. The Principal Analyst serves as a subject matter expert whose insights directly influence the bank's technology risk posture and risk management strategy. Principal Risk Analysts solve complex problems, take broad perspectives to solve problems innovatively and may lead projects with moderate resource requirements, risk and/or complexity. Cross-functional leadership and development across junior contributors are a key feature of this senior role.

Responsibilities

  • Lead the proactive identification, assessment, and monitoring of technology and cybersecurity risks across systems, applications, infrastructure, and services, applying industry-recognized frameworks such as CRI, NIST CSF and NIST 800-53.


  • Execute and oversee complex Risk and Control Self Assessments (RCSAs), risk assessments, targeted risk reviews, and control adequacy evaluations, providing challenge and expert recommendations on risk treatment and remediation strategies.


  • Serve as a subject matter expert for technology risk during internal audits, regulatory examinations, and supervisory inquiries, leading issue analysis, response development, and corrective action execution.


  • Analyze and synthesize risk and security data from enterprise platforms and monitoring tools to identify systemic trends, emerging risks, and control gaps, translating findings into strategic insights for leadership.


  • Partner closely with senior technology, engineering, cybersecurity, compliance, and business leaders to evaluate risk associated with new and existing platforms, infrastructure, and initiatives.


  • Oversee third-party technology risk activities for high-risk or complex service provider relationships within assigned domains.


  • Develop and deliver clear, executive-level risk reporting and presentations, effectively communicating risk posture, trends, and remediation priorities to senior management and governance forums.


  • Contribute to the continuous enhancement of risk frameworks, methodologies, policies, and governance processes to strengthen overall risk maturity.


  • Mentor and coach analysts at varying levels, fostering strong risk judgment, analytical rigor, and a culture of accountability and continuous improvement.


  • Stay ahead of evolving regulatory requirements, emerging threats, and industry trends, proactively advising leadership on risk impacts and control enhancements.


  • Champion initiatives that strengthen the organization's risk posture and promote a proactive, risk-aware culture across the enterprise.


Team-Specific Requirements

Preferred Domain-Specific Technical Skills

  • Familiarity with cloud platforms such as AWS, Azure, or GCP


  • Experience with analytics platforms, storage solutions, data protection methodologies, data platforms, ETL, data transmission, data loss prevention, endpoint security practices, and cyber recovery practices, e.g. Tableau, Webfocus, APIs and Microservices based development, Talend, Informatica, Kafka, Spark, Autosys, Airflow, Java, Hadoop, Redshift, Starburst, Databricks, Tessell, MongoAtlas, Snowflake, OCI, AWS RDS, etc.)


  • Proficiency with data governance, security and other telemetry tools such as Collibra, Grafana, Datadog, Qualys, Wiz, CyberArk, or Splunk


  • Experience with continuous integration, continuous delivery, agile and devsecops pipelines, including data engineering sub-pipelines and related tools (e.g. Nexus, Jenkins, Harness, Fortify, EKS, Openshift, etc.)


  • Knowledge of AI/ML platform tools such as Bedrock, Sagemaker, H2O.ai, MLflow, etc.


Preferred Team-Specific Tools & Platforms

  • ServiceNow, Jira, Confluence, or other ITSM/collaboration platforms


  • GRC Archer, WDesk, or other risk and compliance platforms


Experience & Skills

Required:

  • 7-10 years of progressive experience in IT risk management, information security, or internal audit, with demonstrated leadership in complex risk environments.


  • Deep expertise in control frameworks including CRI Profile, NIST 800-53, NIST CSF, COBIT, and/or ITIL, and the ability to apply them strategically.


  • Proven ability to lead risk assessments, control testing programs, and regulatory response activities independently.


  • Advanced proficiency with GRC platforms (e.g., Archer), security monitoring tools (e.g., Splunk, Qualys, Wiz), and data analysis tools (e.g., Tableau, Grafana, Excel).


  • Strong executive communication skills; ability to present risk findings persuasively to senior leaders and non-technical audiences.


  • Track record of influencing risk practices and driving meaningful improvements in control environments.


  • Ability to operate independently and manage complex, multi-stakeholder workstreams.


Preferred:

  • Experience in a regulated financial institution with familiarity with OCC, Federal Reserve, or FDIC supervisory expectations.


  • Background in cloud infrastructure risk, cyber resilience, or enterprise architecture risk.


  • Experience designing or significantly improving risk management programs or frameworks.


Education

  • Bachelor's degree in Information Technology, Cybersecurity, Business, or a related field required; Master's degree strongly preferred.


  • One or more of the following certifications are preferred:


  • CISA (Certified Information Systems Auditor)


  • CRISC (Certified in Risk and Information Systems Control)


  • CISM (Certified Information Security Manager)


  • CISSP (Certified Information Systems Security Professional)


  • PMI-RMP (Risk Management Professional)


  • AWS Solutions Architect or Microsoft Azure Administrator


Hours & Work Schedule
  • Hours per Week: Monday-Friday
  • Work Schedule: 40
  • Hybrid: 4 days per week onsite, 1 day remote


Similar Jobs

More Jobs at Citizens Bank

  • Product Manager
    $100K — $130K *
    Plano, TX 75024 (Collin County)
    Information Technology
    In-Person
  • Product Manager
    $100K — $130K *
    Iselin, NJ 08830 (Middlesex County)
    Information Technology
    In-Person
  • Product Manager
    $100K — $130K *
    Westwood, MA 02090 (Norfolk County)
    Consumer Technology
    In-Person
  • Product Manager
    $100K — $130K *
    Johnston, RI 02919 (Providence County)
    Information Technology
    In-Person
  • Product Manager
    $100K — $130K *
    Phoenix, AZ 85032 (Maricopa County)
    Consumer Technology
    In-Person

More Information Technology Jobs

Find similar Data, AI and Emerging Technology Risk Principal Analyst jobs: