POSITION SUMMARY:

TheSenior Technology RiskAnalyst is responsible for supporting the organization's risk governance direction and elevating the companys overall risk posture. TheSenior Technology RiskAnalystis expected to manage and mature the enterprise risk register and drive highquality risk assessments across new and existing information system capabilities. Consequently, the position requires both an understanding of legacy systems and emerging technologies to ensure risks are accurately identified, assessed, documented, and monitored.

The role oversees the business risk and compliance obligations mandated by regulatory standards such as the GrammLeachBliley Act (GLBA) and SarbanesOxley Act (SOX). In partnership with security leadership, the analyst continuously evaluates the assurance of the risk management program.The Senior Technology RiskAnalyst tracks remediation progressvalidates the accuracy of riskentries andenforces resolution of outstanding issues that may lead to noncompliance or security threats. The analyst must focus on risk governance and corporate resiliency and not be driven solely by compliance.

Essential Functions, Duties, and Responsibilities

• Conduct enterprisewide, ongoing risk identification and risk assessments in tandem with compliance and security teams.
• Maintain full oversight and administration of the enterprise risk register within the GRC platform.
• Identify strengths and weaknesses in the risk and security program as they relate tosecurity, business resiliency, and compliance frameworks.
• Document, formulate, and enforce areas of riskrelated improvement that balance business operations with appropriate risk reduction.
• Maintain strong oversight of thirdparty, vendor, and businesspartner risks and update the risk register to reflect identified issues or required remediation.
• Analyze and assess risk findings and document, recommend, and report program gaps and risk trends to security leadership.
• Monitor current and proposed regulatory, privacy, and security changes and ensure associated risks are captured within the risk register.
• Apply GRC expertise across key lines of business to ensure consistent and accurate risk scoring, control mapping, and risk treatment planning.
• Define qualitative and quantitative metrics to assess the success of the risk program and provide regular reportstosecurity and business leadership.
• Ensure teams maintain uptodate documentation for systems, controls, and processes that support the risk assessment lifecycle.
• Participate in incident response by documenting incidentrelated risks, tracking occurrences, and ensuring proper closure within the risk register.
• Work in tandem with security, audit, and risk management leadership to perform ongoing assessments of the risk program and contribute to annual strategic initiatives.
• Attend and actively participate in change and project management meetings to identify new or evolving risks.
• Ability to effectively and accurately convey riskrelated information to stakeholders at all levels.
• Performs related duties as assigned by management.

Qualifications and Education Requirements:

• Bachelors degree in computer science, arelated field, or equivalent industry experience.
• Holds one or morerelevant industry certification.
• At least7+ years experience in cybersecurity, compliance, or risk management with strong exposure to risk assessment methodologies.
• Experience and understanding of regulatory requirements and laws including, but not limited to SOX, SOC,and GLBA. Additional experiencein CRIor NIST frameworks.
• Preferred experience with cloud environments such as AWS and Microsoft Azure.

Skills, Abilities, and Knowledge:

• Strong business acumen and risk management skills with the ability to align risk governance with business operations.
• Exceptional written and verbal communication skills with proven ability to translate risk and security concepts to all levels of the business.
• Ability to understand both legacy and modern technologies and evaluate risk impacts accordingly.
• Working knowledge of incident response, system configuration, vulnerability management, and hardening guidelines as they relate to risk identification and evaluation.
• Demonstrated problemsolving capability and ability to manage complex, crossfunctional risk requirements.
• Selfmotivated, organized, and capable of proactive identification of emerging risks.
• Successful track record of managing thirdparty risk, contracts, and external relationships.
• Familiarity with state, federal, and international privacy laws.
• Highly trustworthy; leads by example.
• Strong interpersonal skills with the ability to develop and maintain effective and professional relationships across the organization and with customers.
• Strong influencing and negotiation skills; consultative and collaborative work style.
• High learning agility with the ability to learn and integrate business variables and learn new systems and platforms.
• Effective at managing multiple priorities under tight deadlines in a fast-paced, dynamic environment.
• Self-directed and comfortable working with ambiguity and uncertainty.
• High degree of professional maturity, integrity, ability to maintain confidential data and information.

Work Environment and Physical Requirements:

• Working on-site at assigned office location.
• Regular and punctual attendance adhering to schedule established by leadership.
• Flexibility to work occasional adjusted work schedules, overtime, and evening and/or weekend hours to meet deadlines or as business needs demand.
• Working in a cubicle hub, maintaining focus on phone calls in a noisy environment within earshot of multiple other conversations.
• Sedentary work in a stationary position at a cubicle for prolonged periods of time.
• Constant repetitive motions required for operating a computer, such as typing and managing phone calls.
• Constantly communicating effectively verbally in English, including accurately exchanging information with others following identification of correct procedures.

Additional Information:

While this description is intended to be an accurate reflection of the positions requirements, it in no way implies/states that these are the only job responsibilities. Management reserves the right to modify, add or remove duties and request other duties, as necessary.

All employees are required to have smart phones that meet Company security standards with the ability to install apps such as Microsoft Authenticator. Employment will be contingent on this requirement.