IT Security Risk Analyst

"Develop and implement IT risk identification process aligned with risk management framework.
* Conduct IT risk workshops with business stakeholders to identify, discuss, and analyze potential risks within their environment.
* Current focus is on Human Resources, Finance, Global Procurement, and ERC IT applications. Moving forward, this process will extend to other business functions.
* Analyze and evaluate IT systems, integrations, and processes to identify vulnerabilities and weaknesses. Work closely with the IT Application and Security architects to better understand the data flow and integrations between IT systems.
* Develop an internal risk control framework based on industry standards aligned with CIS Safeguard, NIST SP 800-53, PCI-DSS 4.0, ISO 27001/2, NIST AI RMF, and NIST Privacy Framework. The goal is to verify all recommended security controls are aligned with industry standards.
* Monitor and manage IT risks in the risk register.
* Develop and implement risk mitigation plans and controls based on the internal risk control framework.
* Design, implement, and test ServiceNow GRC Risk Management Workflow Updates. Update GRC SOPs to reflect process flow updates.
* Monitor and track IT risk indicators and metrics by developing KRI (key risk indicators) to identify risk trends across the IT environment.
* Collaborate with cross-functional teams to verify IT risk management practices are integrated into business processes.
* Provide guidance and training to associates on IT risk management best practices.
* Provide testing for ServiceNow GRC application updates and develop training materials."