Job Title
IT Risk Management Senior Analyst
Job Description Summary
The IT Risk Management Senior Analyst is responsible for supporting the company’s information security risk management processes. The IT Risk Management Senior Analyst works across the enterprise to assist with risk identification, analysis, mitigation, and ongoing management and reporting of information security risks. This role requires collaboration with IT owners, IT executives, and business or service line executives to effectively assess and manage information security risk to the organization.
This role will work the second shift with working hours from approximately 4pm-12pm PHT, with some flexibility.
Job Description
Key Responsibilities:
- Conduct information security risk assessments to identify risks; ensure risks are consistently treated and managed via the risk management process.
- Assess risks using qualitative and quantitative risk analysis methods.
- Assist IT and business leads in the development of risk mitigation and treatment plans.
- Maintain and manage the cybersecurity risk register and tools used for risk and governance.
- Perform periodic reviews of open risks to track mitigation progress and risk reduction.
- Develop internal processes to enhance, streamline, or automate risk and governance activities; ensure processes align with the company’s risk framework, policies, and standards.
- Develop and maintain risk metrics (e.g., KPIs and KRIs) to manage risks within the company’s risk appetite and tolerance.
- Develop and deliver presentations to communicate risk to IT and business executive leadership; ensure content is consumable for non-technical audiences.
- Assist in the creation and management of information security governance documents, including policies, standards, and guidelines.
- Promote employee compliance with information security requirements; track and manage non-compliance with company policy via the policy exception process.
- Build relationships with IT and business teams to further identify risk and ensure compliance with company policies.
Knowledge and Experience:
- Degree or equivalent work experience in computer science, information systems, or related field
- 3-5 years of experience in an information security or risk management position
- Knowledge of risk assessment methodologies, cybersecurity frameworks (e.g., NIST CSF), and information security policies and standards is preferred
- Knowledge of risk quantification methodologies and frameworks (e.g., FAIR Model) is a plus.
- Ability to analyze, manage, and use data to create meaningful and impactful metrics.
- Excellent communication skills (verbal and written).
- Experience developing and executing presentations to all levels of management.
- Ability to collaborate with IT and business partners to set goals and objectives.
- Ability to lead and track progress on projects, meet deadlines efficiently, manage leadership expectations, and communicate delays or issues.
- Strong team player
- Strong interpersonal skills and ability to work cross-functionally and across divisions with others.
- Strong team-building skills, including promoting cooperation and good working relationships among peers and team members, remaining positive and supportive during change, and building rapport and trust with IT Risk stakeholders and other business partners.
What We Do
Cushman & Wakefield (NYSE: CWK) is a leading global real estate services firm that delivers exceptional value for real estate occupiers and owners. Cushman & Wakefield is among the largest real estate services firms with approximately 53,000 employees in 400 offices and 60 countries. In 2019, the firm had revenue of $8.8 billion across core services of property, facilities and project management, leasing, capital markets, valuation and other services.