IT Policy Exceptions Analyst

Our Client, a Global Financial Services Firm, is seeking an IT Policy Exceptions Analyst in their St. Pete, Florida location. 

Essential Duties and Responsibilities:

• Lead IT Policy Exception Management by administering and tracking exception requests through ServiceNow, ensuring accuracy and compliance.
• Partner with financial advisors and their technology teams to document exception requests and provide clear, actionable guidance.
• Conduct risk assessments by analyzing policy deviations, identifying associated risks, evaluating compensating controls, and recommending remediation strategies.
• Communicate effectively with advisors via email, chat, and phone to provide clarity on IT security requirements and deliver high-quality support.
• Drive continuous improvement by troubleshooting issues, resolving challenges, and contributing to process enhancements that strengthen the overall risk posture.
• Perform other duties and responsibilities as assigned.

Qualifications – Knowledge, Skills, and Abilities:

• Demonstrated ability to interpret and communicate both technical and non-technical policy requirements.
• Strong knowledge of IT security principles, risk management practices, and control frameworks.
• Excellent organizational and project management skills with the ability to prioritize high-visibility requests.
• Ability to translate complex IT security concepts for audiences with varying levels of technical expertise.
• Experience with ServiceNow policy or exception management is a plus.
• Analytical mindset with the ability to identify issues, evaluate data, and recommend effective solutions.
• Collaborative approach with a strong focus on relationship-building and client service.

Education and Experience:

• Bachelor’s degree in Cybersecurity, Computer Science, Management Information Systems (MIS), or a related field, with three to five years of relevant experience, or an equivalent combination of education, training, and experience.
• Experience in IT risk management and or managing IT policies and standards.
• Prior experience in a highly regulated environment such as financial services is preferred.
• Professional certifications such as CISSP, CISA, GCCC, or other cybersecurity credentials are considered strong differentiators.