Senior IT Risk Analyst
Rockland Trust · Plymouth, MA · 2 wk ago
Information TechnologyFull-time
About the role
The Senior IT Risk Analyst is responsible for leading comprehensive IT risk assessments, evaluating controls, communicating findings, and supporting risk management initiatives within Rockland Trust.
Responsibilities
- Lead comprehensive IT risk assessments across applications, infrastructure, and IT processes, including inherent and residual risk evaluations.
- Evaluate the design and operating effectiveness of controls, ensuring assessments are evidence-based and aligned with internal methodologies and regulatory requirements.
- Conduct detailed walkthroughs and interviews with IT and business stakeholders to validate processes and risks, identify control gaps, and obtain and evaluate appropriate documentation and evidence.
- Analyze risk and control data to identify trends, recurring issues, or systemic weaknesses to translate findings into actionable insights.
- Maintain sufficient documentation of assessments performed, tests conducted, and issues noted in the Bank’s systems of record, ensuring clarity, completeness, and alignment with Bank and regulatory methodology and requirements.
- Communicate findings, risk implications, control gaps, or other such issues to stakeholders in a professional, credible, and constructive manner.
- Support, advise, and challenge remediation plans to ensure proposed actions effectively mitigate identified risks.
- Coordinate responses to audit, regulatory, or other internal inquiries, ensuring timely and accurate resolution of outstanding issues.
- Track and monitor remediation efforts and key milestones to facilitate risk closure, proactively identifying potential bottlenecks or emerging risks.
- Provide guidance and informal coaching to junior team members, reviewing work products to ensure adherence to risk assessment standards and quality expectations.
- Contribute to continuous improvement initiatives for IT risk assessment methodologies, reporting practices, and other opportunities.
- Serve as a trusted resource for IT and business teams on risk-related topics, fostering a risk-aware culture and promoting best practices.
- Stay current with regulatory guidance, industry standards, and emerging risks to support program maturity and long-term risk management effectiveness.
Qualifications
- Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Accounting, Finance, or a related field with equitable risk and controls experience.
- Minimum of 5 years of professional experience in IT risk management, technology audit, or control testing, including execution of risk assessments, control evaluation, and reporting.
- Experience with GRC platforms (e.g., Archer) and risk reporting tools (e.g., PowerBI dashboards).
- Familiarity with risk and control frameworks such as NIST, CIS, COBIT, FFIEC, or ISO.
- Demonstrated ability to effectively communicate, both written and verbally, complex IT risk and control concepts effectively to technical and non-technical stakeholders.
- Experience navigating highly regulated or matrixed environments, interacting with audit, compliance, and/or regulatory stakeholders.
- Strong analytical skills, attention to detail, and ability to make independent, informed decisions.
- Proven ability to influence outcomes and drive follow-through on risk identification and mitigation activities.
- Professional certifications: CISA, CRISC, CISM, CISSP, or equivalent (highly preferred).
- Financial services industry experience (highly preferred).
Benefits
Competitive compensation with performance incentive awards, Health Insurance, Dental Insurance, a 401K and DC Plan for your retirement, LTD & Life Insurance, Vacation Time, Day Care Reimbursement, Tuition Assistance for graduate and undergraduate programs, an Award Winning Wellness program and much more!