Compliance Risk Analyst Job Description
Compliance Risk Analyst Duties & Responsibilities
To write an effective compliance risk analyst job description, begin by listing detailed duties, responsibilities and expectations. We have included compliance risk analyst job description templates that you can modify and use.
Sample responsibilities for this position include:
Compliance Risk Analyst Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Compliance Risk Analyst
List any licenses or certifications required by the position: CISA, CISSP, CISM, CRISC, CRCM, GSEC, ATO, CIA, ISO, ITIL
Education for Compliance Risk Analyst
Typically a job would require a certain level of education.
Employers hiring for the compliance risk analyst job most commonly prefer that their future employee have a relevant degree, such as a Bachelor's and Master's Degree in Finance, Business, Computer Science, Accounting, Sound, Graduate, Information Systems, Management, Criminal Justice, Education.
Skills for Compliance Risk Analyst
Desired skills for compliance risk analyst include:
Desired experience for compliance risk analyst includes:
Compliance Risk Analyst Examples
Compliance Risk Analyst Job Description
- Analyze MPL (Master Product List) and identify deals that are breaking on Product code
- All work performed is moderately supervised
- Coordinate flow of information between various risk committees and model stakeholder groups
- Monitor remediation plan efforts
- Monitor results of model testing and review by Model Owners
- Assemble committee report packets and Top Risk scorecards
- Administer various program sites and databases
- Assemble standard and ad hoc reporting
- Assist with program compliance by reviewing new and existing regulatory standards
- Track issues and MRA responses
- Integrate with a team of skilled information technology security professionals demonstrating competence in the application of the security authorization guidelines and procedures
- Communicate and present to stakeholders on the FISMA compliance status of your assigned systems
- Work with the FISMA Tool IACS/Xacta to develop SA related documentation and track POA&M and vulnerability status
- Demonstrate knowledge of the NIST 800 publications governing the FISMA Act
- Ability to manipulate data in order to conduct sound and accurate analysis regarding output in the capabilities listed above
- Ability to learn and assist in managing TSA-specific FISMA Compliance dashboards and applications
Compliance Risk Analyst Job Description
- Maintains expertise on security trends through training, research and development in order to mitigate potential security exposures
- Develop and utilize collaborative networks with key contacts within and outside of their immediate organization
- Reviews existing and helps facilitate the development and documentation for new TO Policies and Standards
- The Analyst will be involved in all areas of IT Risk & Compliance
- The Analyst performs risk assessments for IT
- Collect and update policy, procedure and/or process documents, preferably in a GRC tool such as Allgress, Archer
- Ensures overall compliance with regulatory requirements, including but not limited to PCI, SOX, HIPAA
- Conducts assessments to identify gaps and make sound recommendations for improvement
- Assists with the build out of an enterprise GRC technology platform
- Conduct routine review & analysis of bank customers (individuals/entities), related parties (owners, board of directors, executives) and/or transactions that present a low degree of complexity and risk to determine appropriateness for organization
- Proven, in-depth technical knowledge of Information Security principles and process and writing IT policy preferred
- Possesses awareness of auditing standards and frameworks
- Experienced in all aspects of project governance, security and integrity management
- Certified Information Systems Auditor (CISA) and Information Technology Infrastructure Library preferred
- Ability to work independently in a team environment including multi-level staff and external partners
- Bachelor's degree in Computer Information Systems, Information Technology, or related field is required
Compliance Risk Analyst Job Description
- Administers and completes complex tasks such as data gathering or manipulation, system or process creation and implementation
- Performs analysis and reviews risk data providing insightful recommendations and opinions
- Creates complex reports for meeting with Federal Examiners, internal and external auditors, and with clients
- Participates and may lead training and the work of complex projects
- Review account reconciliations and journal entries based upon understanding of risks
- Ensure issues and associated root causes are understood and well defined
- Run and distribute recurring reports
- Develop, document, and execute compliance audit reporting in partnership with more senior team members
- Analyze reports for trends and issues
- Modify existing reports as directed
- 2+ years of experience collaborating in teams and working within the areas of Internal Audit, Technology Governance, Risk Assurance, and/or Internal Controls
- Familiarity with COSO/COBIT internal control framework a plus
- Document findings and track to remediation using GRC tool
- Review documented IT security controls
- Interview internal control owners to determine how controls are implemented
- Provide feedback to control owners with regard to IT security controls
Compliance Risk Analyst Job Description
- Consult and partner with the Corporate Technology Group in the implementation of new processes and enhancements to existing pre- and post-trade compliance monitoring, reporting, and trading systems
- Work closely with internal and external auditors, regulators, and examiners to coordinate documentation requests, reports, and assurance letters
- Participate in information security awareness and training initiatives
- Assist in tracking and maintenance of action plans for the resolution of issues identified during assessment and audits
- Serves as subject matter expert in specialized aspects of information security and emerging and advanced technologies
- Supports enterprise in all aspects of information security administration
- Consults with IT and business units on the purchase and/or design of complex and/or strategically significant information security projects, emerging technologies, or technology-related services before they are implemented
- Analyzes business data use processes against vulnerabilities and threats and counsels business units on consequences
- Collaborates with cross-functional teams responsible for information systems security to ensure the confidentiality, integrity, and availability of data stored, processed and transmitted
- Engages with operating, storage, regulatory, engineering, HR, legal, and training units to evaluate and implement security process for critical infrastructure and key resources
- Direct experience with audit frameworks, including SSAE 16 SOC 2 and SOX
- Familiarity with industry-standard security frameworks, including ISO 27001 and NIST 800-5
- Self-motivated with the ability to seek out and engage with people in the organization
- Flexible and collaborative with peers
- 1-3 years of related experience within professional services IT
- Experience with data analysis applications such as ACL, SQL, or Access preferred
Compliance Risk Analyst Job Description
- Maintain knowledge of, and contribute to, IT General Controls, SOC 1&2 controls, and ISO 27000 security controls
- Work with auditors and vendors who support security maturity development, and with internal and external auditors
- Lead or participate in various security, risk management, and other initiatives
- Develop/implement IT security training and awareness for both technical and non-technical audiences
- Develop policies and procedures as they relate to IT security and risk management
- Effectively communicate new policies and procedures to relevant employees
- Provide guidance on standards and regulations, such as PCI DSS, EU GDPR, and FDA CFR that can be easily understood by the businesses
- Assist in data protection program initiatives
- Evaluate effectiveness of existing controls and determine the impact of proposed changes to business processes, applications and systems
- Communicate identified security risks to appropriate parties to ensure a clear understanding of the risks and potential mitigations
- Willingness to travel 40-90% within national and global travel expectations
- BA/BS in Business Administration, Accounting, Computer Science, Information Systems Administration, Engineering or related field
- Proven ability to work independently and collaboratively in day-to-day work, on projects, and on other assignments
- Experience with an industry accepted GRC platform such as Archer, Keylight, MetricStream
- Proficient in Microsoft Office Applications, Excel, Word, Access
- Bachelor’s Degree or higher strongly preferred with experience in Internal Audit (IT Audit preferred), IT Risk & Compliance, or Information Security