This role supports the Technology Risk Management (TRM) organization by balancing hands‑on technology control monitoring and testing with ownership of the TRM execution plan. The Analyst is responsible for ensuring that control monitoring and testing activities are executed effectively while also driving disciplined planning, tracking, and delivery of TRM commitments.
The role works closely with Technology teams and Risk stakeholders to understand technology risks, evaluate control effectiveness, execute monitoring and testing activities, and ensure remediation actions progress in line with the TRM execution plan. This is a hands‑on, execution‑focused role that requires strong ownership, sound judgment, and the ability to manage multiple risk and control workstreams concurrently.
Key Responsibilities:
Technology Risk & Control Ownership:
Develop a working understanding of technology platforms, systems, and architectures to identify key risk exposures
Evaluate whether technology controls appropriately mitigate identified risks, considering both design and operating effectiveness
Identify control gaps, weaknesses, or inconsistencies, and support remediation discussions with Technology teams
Support ongoing technology risk assessments (e.g., RCSA) and related control evaluations
Technology Control Monitoring & Testing:
Perform and support technology control monitoring and testing activities, including design and operating effectiveness assessments
Plan and execute testing activities, including scoping, evidence review, evaluation, and documentation of conclusions
Exercise sound judgment when assessing evidence quality and control effectiveness
Track control deficiencies, action items, and remediation efforts through to closure
Execution, Tracking & Delivery Discipline:
Own day-to-day execution of assigned risk and control activities, ensuring work is structured, sequenced, and completed on time
Maintain visibility of milestones, dependencies, and execution status across multiple workstreams
Prepare clear summaries and execution updates highlighting risk exposures, testing progress, and issues requiring attention
Proactively identify execution risks, delays, or dependencies and escalate appropriately
Governance, Communication & Documentation:
Support preparation for and follow-ups from technology risk governance forums, reviews, and working sessions
Communicate risk and control outcomes clearly to Risk and Technology stakeholders
Maintain accurate, complete, and audit-ready documentation for risks, controls, testing results, and remediation evidence
Contribute to continuous improvement of technology risk execution practices and documentation standards
Qualifications:
Bachelor’s degree in Engineering, Information Systems
2-5 years of experience in Technology Risk, IT Controls, Control Testing, or Risk Execution roles
Required Skills & Experience:
Experience in Technology Risk, IT Controls, Operational Risk, or Technology Control Monitoring & Testing
Strong understanding of technology risks and control concepts
Ability to execute work with structure, discipline, and follow-through
Comfortable managing multiple parallel deliverables and driving items to closure
Nice-to-Have:
Exposure to execution or delivery management practices, such as planning, tracking milestones, and managing dependencies
Experience preparing structured execution updates or management summaries