Senior IT Infrastructure Risk & Governance Analyst

Location: Bethesda, MD, United States
Job Information
​CSS IT Infrastructure Division is looking for a Senior Risk & Governance Analyst to help manage and oversee technology based risks and related activities. The successful candidate would be responsible for identifying, prioritizing, monitoring and reporting technology risks and controls including performing risk and controls assessments. This position works closely with the operational, technical, and corporate function personnel to foster a technology risk management culture, challenge assumptions and to assist in communicating a holistic risk profile of technology risk to Infrastructure teams, ERM, CSS Executive management and various stakeholders. 

Key Job Functions
  • Be fully conversant with Infrastructure controls and activities related to those controls
  • Maintain and establish good record keeping of all control sampling, track the maturity of all operating controls, report and mitigate any deficiencies
  • Understand, capture and track all operational risk and deficiencies/gaps and work with delivery leads and technical leads to create improvement/remediation plan
  • Prioritize deliverables related to controls evidence, issue remediation, internal external stake-holders submissions and other reporting activities.
  • Work closely with Infrastructure management and liaise with ERM and Information Security teams in risk acceptance, audit response and in tracking audit related deliverables.
  • Contribute to the establishment of KPI and KRI Metrics and tools to assess and report on Operational performance and risks on a regular basis in a consistent & objective manner.
  • Create and maintain operational and risk dashboards across all Infrastructure streams and align Improvement/ remediation plans with open issues.
  • Ensure all Infrastructure operational documents are regularly reviewed and signed-off. Identify any documentation deficiencies and work with SMEs to remediate those deficiencies

  • Bachelor's Degree in Information Systems or related field or an equivalent combination of education and experience
Minimum Experience  
  • Minimum 7 years of work related experience in Information technology with 5 years of experience in IT Infrastructure
  • Minimum 3 years of experience in managing Infrastructure operational Risk/Governance & analysis related activities
Specialized Knowledge & Skills     
  • Experience working with Risk, Security or Audit frameworks (i.e., COBIT, COSO, ISO 27001/2, NIST 800-53, AICPA).
  • Strong understanding of technology processes, risks and issues including infrastructure Service Management (knowledge within cloud computing is preferred, specifically AWS).
  • Capable of identifying, evaluating and mitigating significant risks within an enterprise.
  • Basic knowledge of SOC2 controls & assessments
  • Strong working experience with Microsoft Office Suite.
  • Ability to document and explain risks and vulnerabilities to both business and technical stakeholders
  • Must have past experience performing vulnerability research and reporting.
  • Strong oral and written communication skills and ability to work well with others and in a collaborative, complex and fast paced environment.
  • Possesses strong analytical skills
  • Active in the technology industry; equipped with external networking relationships to maintain relevant knowledge of best practices, tactics, strategies and technology
  • Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals.
Tami Andrade Fitzpatrick
Senior Recruiter
this job portal is powered by CATS