Jobs · Information Technology · Massachusetts

Principal/Senior Technology Risk Analyst

Berkshire Hathaway Specialty Insurance · Boston, MA · 1 wk ago
Information Technology$160k–$180k/yrFull-time

About the role

Berkshire Hathaway Specialty Insurance (BHSI) is a strategic and trusted insurance partner offering a broad range of commercial property, casualty, and specialty insurance coverages. As part of Berkshire Hathaway's insurance operations, BHSI brings its solutions to market with a stellar brand name, top-rated balance sheet, and the expertise of its global team of professionals. We are a values-based organization committed to diversity, inclusion, and excellence.

Responsibilities

  • Lead risk identification, risk assessment, and ongoing monitoring; maintain the Technology risk register and ensure risks map to business objectives and risk appetite/tolerances.
  • Drive Risk and Control Self-Assessments (RCAs) with different risk and control owners; advise on control design for identity & access, change/release, resiliency/DR, cloud security, data protection, and vulnerability management.
  • Define and socialize KRIs/KPIs, risk dashboards, trends, and heat maps; deliver clear status to Technology leadership, and key stakeholders.
  • Partner with Vendor Risk Management Team to evaluate critical vendors (including AI-enabled services), review SOC reports/certifications, assess control gaps, and track remediation/compensating controls through closure.
  • Track risk issues, action plans, and target dates; validate remediation and retest where needed; participate in lessons-learned and scenario exercises.
  • Provide support to our offices from both a U.S. and global perspective regarding the fulfillment of Technology risk related requests and obligations.
  • Assess AI/automation use cases for explainability, privacy, security, and bias risk; ensure appropriate documentation, monitoring, and governance are in place.
  • Educate teams on risk expectations, evidence quality, and the "why" behind controls; help embed risk thinking into delivery and operations.
  • Attend/participate in e-learning training sessions to increase background knowledge of the ever-evolving Technology regulatory landscape.

Qualifications, Skills And Experience

  • 10+ years of experience in Technology risk, Technology audit/compliance, or cyber GRC.
  • Experience running RCSAs, defining KRIs/KPIs, and presenting risk insights to senior stakeholders.
  • Strong documentation skills, including writing risk narratives, control designs, control matrices, testing procedures, and remediation plans.
  • Effective communication and partnership skills; able to challenge constructively and receive challenge professionally.
  • Experience conducting vendor risk reviews, including SOC 2 analysis, control gap identification, and remediation follow-up.
  • Solid background knowledge of major risk and control frameworks (Technology, Cyber, Enterprise), such as NIST CSF, COSO ERM, COBIT, etc.
  • Working knowledge of U.S. Technology regulations (e.g., SOX, CCPA/CPRA, PCI, NY-DFS) is recommended.
  • Familiarity with global regulatory frameworks (e.g., GDPR, CBI, DORA, MAS, APRA, BaFin) is preferred but not required.
  • Ability to work in a team-based environment and communicate effectively and efficiently with others domestically and globally.
  • Experience with GRC tools such as Workiva, AuditBoard, ServiceNow, Drata, Vanta, or similar platforms is a plus.
  • AI experience is a plus, including an understanding of AI risks, responsible AI concepts, or emerging AI regulatory requirements.
  • Professional certifications such as CRISC, CISA, CISM, CISSP, or ISO/IEC 27001 Lead Implementer/Lead Auditor (or equivalent) are a plus.

Pay

The base salary range for this position in Boston is $160,000.00 to $180,000.00, along with annual bonus eligibility. Total compensation for a candidate is determined by their relevant skills, location, and experience.

Similar jobs