Job Description

Why is This a Great Opportunity : An incredibly stable environment with tremendous room for growth with a premier mid-town Manhattan financial institution that still offers bonuses AND a pension plan!

• An IT Governance Analyst performs a variety of tasks to accomplish the objectives including but not limited to the evaluation of IT governance, IT audits, security risks and Vendor Management.
• Assesses risks, gathers management’s responses and tracks mitigation plans.
• Performs IT risk assessments covering the organization’s IT processes encompassing information security, infrastructure, application development, change management, and vendor management.
• Utilizes pre-established guidelines to perform the functions of the job. A wide degree of creativity and latitude is expected.

Essential Job Functions:

• Lead discussions of vendor management with corporate department representatives, information resource owners, and business unit stakeholders.
• Deployment, completion, and reporting of IT vendor and application Risk Profiles and Risk Assessments.
• Analyze data and documentation of Vendor Management to understand potential risks to operational processes
• Coordinate IT audits from internal request or external regulations in technology related services.
• Facilitate the development and on-going management of risk remediation plans.
• Support the development, implementation and maintenance of Risk Assessment and Vendor Management frameworks.
• Preparing status reports and presentation on a timely and routine basis.
• Develop and maintain a working understanding of products, services, and activities, as well as third party risk management principles and practices.
• Evaluate requests for new or modified third party engagements and prioritize / segment based on various risk factors.
• Collaborate with business requestors, Sourcing or Legal team members, and other team members to ensure a thorough understanding of the engagement and the risks inherent within.
• Identify gaps or issues based on third party standards and document to enable other colleagues and business relationship managers to evaluate the risk and develop appropriate action plans.
• Document assessments performed according to program requirements.
• Complete external risk assessments from internal or external sources.
• Assist and document DR tabletops.
• Assist project managers in other needed IT Governance functions.

Required Qualifications

• BS/BA Degree in Computer Science, Cybersecurity Information Systems or related field preferred.
• The following certifications are considered a plus: CISA, CISM, CRISC, CISSP, CIA, CTPRP, CTPRA, C3PRMP, PCIP, ISA, CIPP, or related.
• 2-5 years of relevant IT experience.
• Understanding of IT and security risks, processes, and controls and ability to converse at a technical level.
• Proven ability to work independently and cross-functionally.
• Ability to prepare presentations, status reports, process narratives, and work flow diagrams.
• Excellent verbal and written communication skills.
• Interacts well with all levels in a team environment.
• Strong analytical and problem solving skills.
• Business acumen and strategic thinking skills to enable understanding of third party risks in context of business activities.
• Foundational knowledge and experience with / exposure to all relevant risk disciplines (information security, business continuity, data privacy, legal and regulatory compliance, and general business risk), as well as subject matter expertise in at least one of these disciplines.
• Ability to adapt to change quickly, work comfortably with ambiguity, and manage multiple tasks successfully.
• Commitment to customer service, stakeholder relationships, and high impact communications across all organizational levels.
• Passion for continuous learning and growth—both business and technical skills