Senior IT Risk Analyst

Description

At Citizens, we believe in creating opportunities for growth and development. As an Enterprise Technology & Security (ETS) Sr IT Risk Analyst on the Monitoring and Testing team, you will play a pivotal role in monitoring and testing risk controls for diverse lines of business and products.  As a Senior Risk Analyst, you will partner closely with the First Line Risk Managers who directly support the ETS teams. You will be at the forefront of ensuring our organization’s control environment is effective and compliant with industry regulations. Your role will involve executing a robust control monitoring and testing program, managing complex risk environments, and driving continuous improvements across key control indicators. In this role, your expertise will directly contribute to the identification of control failures and lead initiatives to resolve them in a timely and effective manner. You will leverage automated testing and data analytics to provide critical insights into the effectiveness of key risk controls and collaborate across teams to drive improvements in our risk management processes.

Note: This role requires a technical background in information security, cybersecurity, DevSecOps, infrastructure, or cloud operations. Candidates should have experience in technology risk management, security architecture, and regulatory compliance within IT environments. Applicants must demonstrate hands-on expertise in technical risk assessment, security frameworks, and IT controls.

Primary responsibilities include

• Control Monitoring & Testing: Collaborate with First Line Risk Managers to execute and manage the control monitoring program, ensuring that multiple complex lines of business/products are compliant with internal policies and external regulations.

• Continuous Improvement: Drive the implementation of continuous monitoring strategies, including key risk indicators (KRIs) and key control indicators (KCIs), leveraging automated testing and data analytics to add value across risk management efforts.

• Technical Compliance: Ensure that all control testing adheres to regulatory frameworks, cybersecurity standards, and compliance requirements, particularly in the context of technology services (IaaS, PaaS, SaaS) and cloud operations.

• Insightful Analysis: Deliver comprehensive analysis of control effectiveness, identifying trends and offering recommendations for enhancing control measures. Present these findings clearly to stakeholders, highlighting opportunities for risk mitigation and control refinement.

• Stakeholder Collaboration: Partner with the First Line Risk Managers to escalate and resolve material control issues, keeping them informed of progress and providing your expertise on control effectiveness.

• Regulatory Awareness: Maintain a cutting-edge understanding of risk management regulations, emerging threats, and legislative changes to ensure the organization remains compliant with industry standards and regulatory requirements.

• Testing & Process Improvement: Execute control tests to validate control effectiveness and support the resolution of issues. Develop, refresh, and retire tests based on insights from the Risk and Control Self-Assessment (RCSA) process and related findings.

• Building Partnerships: Foster strong relationships with Business Unit Risk Management teams to improve the effectiveness of risk management efforts and advance a culture of compliance across the organization.

Qualifications

• 5-7 year’s experience Risk Management Experience 

• Demonstrated experience in systems architecture, cybersecurity, infrastructure, technology operations, development life cycle and methodologies, cloud operations, information security and/or DevSecOps

• Strong understanding of technology as a service (Iaas, SaaS, PaaS) 

• Demonstrated experience supporting and/or leading risk projects across multiple business lines offering a wide variety of financial services products and services. 

• Understanding of the regulatory environment, requirements and how the risks of the products and services the bank offers are viewed by the Second Line of Defense and regulators. 

• Ability to constructively work both independently and in collaborative environments involving all levels of management and employees 

• Ability to use data and metrics to back up assumptions, recommendations and drive actions

• Experience in business domains such as risk management, human resources, supply chain management

• Effective project management and analytical skills

• Strong interpersonal and team building skills

• Ability to build and expand trusting relationships and partnerships

• Ability to work independently 

• Results oriented with proven track record of delivering high quality results within strict deadlines

• Highly-organized and able to manage concurrent projects while meeting or exceeding deadline requirements 

• Experience delivering under tight deadlines while maintaining quality standards

• Proficient use of MS Word, MS Excel and PowerPoint and Visio

• Excellent business writing skills 

• Experience in Alteryx and Python preferred

• Experience in an organization that is under strong regulatory oversight and scrutiny

Education, Certifications and/or Other Professional Credentials

• Bachelor's Degree OR at least 5 years of work experience. Bachelor’s Degree: Accounting, Business, Statistics, Risk Management, Information Systems, Finance, Economics or equivalent field or equivalent work experience.

• Certifications Preferred: Certified Internal Auditor, Certified Regulatory Compliance Manager, Certified Fraud Examiner, Certified Public Accountant, Project Management Professional, Certified in Risk and Information System Controls, or other relevant risk certification

Hours & Work Schedule

• Hours per Week: 40

• Work Schedule: M-F

Pay Transparency

The salary range for this position is $100,000 - $125,000 per year plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience.

We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens’ paid time off policy exceeds the mandatory, paid sick or paid time-away policy of every local and state jurisdiction in the United States. For an overview of our benefits, visit https://jobs.citizensbank.com/benefits.

Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.

Equal Employment Opportunity

Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.