Information Risk Analyst Job Description
Information risk analyst
provides operational support to Fitch’s Identity and Access Management controls (user access provisioning, role based access control, access certification, privileged access management).
Information Risk Analyst Duties & Responsibilities
To write an effective information risk analyst job description, begin by listing detailed duties, responsibilities and expectations. We have included information risk analyst job description templates that you can modify and use.
Sample responsibilities for this position include:
Facilitate communication and interaction across end-user community and development team to achieve effective, efficient issue resolution
Improve end-user adoption of firm-wide technology risk assessment processes by enhancing usability and effectiveness of support materials
Develop comprehensive training curriculum incorporating various educational methodologies (self-learning, classroom, train-the-trainer, ) and multiple mediums for content delivery
Administer policy management by applying necessary changes to policies, standards, procedures, assessment questions and assessment question metadata within the policy management tool
Facilitate exception processing requests including web, portable media and administrative access requests
Help to manage major and minor system releases to include new business requirements as requested
Contribute to the development of Risk Information Services' management practices
Drive prioritization to ensure most critical areas are addressed
Identify opportunities for improving application security risk posture, including expanded monitoring, KRI tracking
Support internal education and best practices sharing with peers and colleagues, information security education & awareness, as needed
Information Risk Analyst Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Information Risk Analyst
List any licenses or certifications required by the position: CISSP, CISM, CRISC, CISA, GNFA, GCFA, GCIH, GMON, GSEC, ISACA
Education for Information Risk Analyst
Typically a job would require a certain level of education.
Employers hiring for the information risk analyst job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Information Technology, Technical, Information Security, Education, Business, Management, Finance, Accounting, Engineering
Skills for Information Risk Analyst
Desired skills for information risk analyst include:
IT risk management frameworks/concepts
Identity and Access Management controls
Principles
Methods
SQL/Oracle queries
SOX/SSAE16 and regulatory related obligations
User access management standards
IT systems and processes and experience evaluating internal technical control systems
Technology risk management and industry best practices
Phoenix application and risk control self assessment
Desired experience for information risk analyst includes:
Conduct initial risk classifications to gauge the current/proposed risk profile of the chosen third party
Provide guidance related to the assignment and understanding of risk factors related to the use of the chosen third party
Determine frequency and depth of assessment processes based on the Risk Classification level assigned to the Third Party
Establish, enforce and manage future assessment criteria for third parties based on information risk, business criticality & compliance requirements
Ensure proper evidence is gathered to facilitate timely closure of remediation plans
Serve as advisors to the business by ensuring an ongoing awareness of the risks associated with continued utilization of a third-party relationship
Information Risk Analyst Examples
1
Information Risk Analyst Job Description
Job Description Example
Our company is growing rapidly and is looking for an information risk analyst. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for information risk analyst
- Conduct ongoing security assessment activities to validate appropriate aspects of the control environment exist
- Gather evidence of technical and operational controls
- Perform on-site assessments to measure the effectiveness of the current control environment
- Document and communicate control deficiencies identified during assessment
- Access Uplift - Support and help streamline the adoption of EPV as a method to drive compliance with the corporate Access Uplift program
- The Senior Financial Analyst will provide analytical support for the International Small Business Services(SBS) and U.S. Non-Card Lending products
- Assist in management of the forecasting and analysis of Loss Provision and Credit Reserves
- Provide credit related analytical support for major business initiatives
- Build core competency in analyzing data at the customer level (primarily via SQL)
- Develop and present key analyses and monthly provision results to senior management
Qualifications for information risk analyst
- 5+ years of work experience in areas of infrastructure is preferred with a broad understanding of infrastructure
- Bachelor’s degree in Finance, Accounting, related discipline or equivalent experience
- 5 or more years of experience, progressively responsible related financial experience required
- Good ability to manage diverse relationships with partners/clients
- Expert knowledge in the use of financial software applications, databases, spreadsheets and word processing preferred
- Excellent operational and problem solving skills
2
Information Risk Analyst Job Description
Job Description Example
Our company is looking for an information risk analyst. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for information risk analyst
- Develop and present business cases (CBA’s) in partnership with Risk and Information Management for new projects and initiatives
- Provide credit related analytical support for the Risk and Information Management Group (RIM), in partnership with the Global Servicing Network
- Manage the risk finance templates that quantify the financial impacts of risk initiatives
- Manage forecasting and analysis of Global Outside Agency Fees and Recoveries
- Develop and present key analyses and recommendations to senior management
- Develop, implement, and support information security policy and procedures that meet or exceed the compliance requirements of the organization
- Works with and educates 3rd party vendors on compliance with the information security requirements of the organization
- Assist in client due-diligence activities (questionnaires, on-site audit/assessments, ) as needed
- Develops technical and end user training material
- Develop and present business cases (CBA’s), in partnership with RIM, for new projects and initiatives
Qualifications for information risk analyst
- Proven ability to work on large programs and projects within a cross line of business technology organization
- Good understanding of UNIX (Keon preferred), Windows (local and domain), mainframes / distributed databases, Java/ .Net
- Must have superior written and verbal communications skills, the ability to create executive level presentations
- Must have excellent negotiation, presentation, and interpersonal skills
- Bachelor's or Master’s degree in Business Administration, Information Systems or equivalent
- Experience in project and/or service management
3
Information Risk Analyst Job Description
Job Description Example
Our innovative and growing company is looking to fill the role of information risk analyst. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for information risk analyst
- Collaborate with Business and IT teams to ensure proper risk identification and mitigation of critical risks
- Collaborates with other internal teams to ensure the risks from 3rd parties are mitigated to acceptable levels
- Perform IT security risk assessments of both new and existing in-house and vendor-based systems
- Administer user system and data entitlements, across multiple platforms and applications
- Assist in Implementing and modifying user entitlements, as it relates to the rollout of new applications
- Generate and ensure the accuracy of entitlement reports
- Review requests for new systems or changes to existing systems and evaluate the impact to security
- Provide assistance to system users and Security Coordinators, as it relates to security access and controls
- Training of Security Coordinators on ISRM processes and workflows
- Engage in ongoing communications with peers in technical development groups the various business groups to ensure enterprise wide understanding of security goals, to solicit feedback and to foster co-operation
Qualifications for information risk analyst
- Experience with Computer System Validation (FDA CFR21 part 11, Pharmaceutical systems) or equivalent
- Ability to engage with multi-functional stakeholders
- Ability to quickly grasp understanding on diverse topics and make relevant contributions
- Interest to learn cross-functional business process
- Dynamic Team Player while able to work independently
- Travel abroad may be required during onboarding phase
4
Information Risk Analyst Job Description
Job Description Example
Our company is growing rapidly and is searching for experienced candidates for the position of information risk analyst. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for information risk analyst
- Assist in coordinating efforts to ensure IT controls are appropriately executed resulting in Sarbanes-Oxley (SOX) and Business Process Assurance (BPA) compliance
- Track and support remediation of PCI DSS, SOX and all other regulatory observations identified and reported by BPA or external auditors
- Gather data to prepare IT Risk management metrics and reporting
- Serve as IT liaison to BPA or external auditors by prescreening requests and responses
- Perform tasks associated with Information Security policies and procedures development and updates
- Participate in IT control monitoring programs to ensure IT compliance-related risks are managed to the level of acceptable risk
- Research and provide recommendations for improving the effectiveness and efficiency of IT control processes and enterprise risk and compliance activities
- Support the development of IT knowledge repository for IT risk and compliance-related materials and resources including IT controls, policies, procedures and standards
- Gain understanding of business processes, business control processes, risk management, IT controls and related standards
- Gain understanding of complex business and information technology management processes
Qualifications for information risk analyst
- Background in system or process auditing shows ability to identify and quantify risks
- Excellent ability to evaluate processes, identify potential problems and implement feasible solutions
- CISSP, CEH or CISA highly preferred
- Typically requires a minimum of 5 to 7 years of experience in the IT risk discipline, information security or at a public company in a related field
- Successful candidate will have proactive "can do" attitude
- Must be able to apply quantitative techniques and financial modeling skills to translate data into meaningful business dynamics and/or solutions
5
Information Risk Analyst Job Description
Job Description Example
Our company is growing rapidly and is looking to fill the role of information risk analyst. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for information risk analyst
- Conduct analysis and research to understand the broader risk impact of current decisions
- Provide timely status updates on progress to manager
- Maintain and deliver the best-in-class Business Intelligence and Analytics solutions for Risk within RIM Bluelight platform
- Research, analysis, development and support of reporting and analytical solutions using SQl, SQL Server and Big Data Environment( Hive , Hadoop )
- Very good knowledge of SQL is desired
- Candidate should be able to write complex SQL queries , SQL Procedures and do performance Tuning for the same
- Daily responsibilities include designing and developing robust, user friendly applications
- Support business analysts in determining needs and solutions
- Good data analysis, application troubleshooting and communication skills are a must
- Understanding of Cornerstone and Big Data environments will be helpful
Qualifications for information risk analyst
- Technical knowledge of application development, operating systems, database design, and/or networking will help an Information Risk Lead interact with technology groups and guide appropriate solutions
- CISSP, CISM, CISAor similar security-specific education
- Must be results driven and proactive with the ability to manage multiple projects and work within tight timelines
- Able to think strategically and have the relationship skills necessary to partner and drive results in a cross-functional team environment
- Excellent oral and written communication skills and ability to present on a regular basis to senior management
- Previous card/risk management experience and/or 2+ years work experience