IT Risk Analyst (Controls)

  • Atlanta, Georgia, United States, GA
  • Posted 1 day ago | Updated moments ago

Overview

On Site
Contract - W2

Skills

FOCUS
Leadership
Design Documentation
Organized
Dashboard
Issue Resolution
Reporting
Auditing
Collaboration
Continuous Improvement
Training
IT Risk Management
IT Security
Testing
Information Technology
Active Directory
Firewall
Routers
Database
Change Management
Cyber Security
Software Security
IT Operations
Network Security
Cloud Computing
SAP GRC
Documentation
Analytical Skill
Communication
Effective Communication
CISA
ISACA
Information Systems
CISSP
Risk Management
Financial Services
IT Risk
Health Care
Manufacturing
Professional Services
Energy
Management
Recruiting
Regulatory Compliance
Managed Services
Value Engineering
Research
Customer Experience
Law

Job Details

**Remote, ideal candidate will be local to one of the following locations: Atlanta, GA / La Vista, NE / Scottsdale, AZ / St. Petersburg, FL**
*Must have experience building controls*


The IT Risk Analyst is responsible for developing, testing, and maintaining IT security controls and managing IT risk-related documentation. This position focuses on compliance with frameworks such as NIST CSF, NYDFS NYCRR 500, and Regulation S-P while leveraging GRC platforms to assess and manage IT risks effectively. This position will manage the IT risk register, oversee control assessments, and ensure accurate reporting of risks.

The ideal candidate will have a proven ability to write and present clear assessment reports and develop thorough documentation. This role requires a balance of technical knowledge, analytical skills, and the ability to communicate findings to technical and non-technical stakeholders. This position offers the opportunity to work with cross-functional teams, engage with senior leadership, and contribute to a growing risk management program.

Responsibilities
IT Controls Development and Testing
Design, document, and test IT controls derived from NIST frameworks (e.g. CSF, SP 800-53), NYDFS NYCRR 500, and Regulation S-P.
Conduct control assessments, document findings, and support remediation efforts.
Write detailed and well-organized reports on IT control assessments, findings, and recommendations.
Partner with IT teams to identify and mitigate gaps in control implementation.

GRC Platform Utilization
Use a GRC platform to conduct IT control assessments, document findings, and manage the IT risk lifecycle.
Ensure accurate and timely updates to the IT risk register using GRC tools.
Develop dashboards and reports from the GRC platform to provide insights to stakeholders.

IT Risk Register Management
Maintain the IT risk register, tracking control and IT risk issues, mitigation efforts, and resolution timelines.
Conduct regular reviews of the risk register to track progress and prioritize remediation efforts.
Generate periodic reports on risk trends, control effectiveness, and issue resolution for management and governance committees.

Regulatory Compliance and Reporting
Monitor regulatory updates and adjust IT controls and risk processes to ensure compliance.
Support internal and external audits and regulatory reviews, preparing evidence and responding to queries.

Collaboration and Continuous Improvement
Contribute to the enhancement of IT risk management processes, tools, and methodologies.
Contribute to the development of IT risk policies, procedures, and training materials.
Provide guidance and training to other team members on risk and control-related topics.

Required Qualifications
Bachelor's degree in information technology, cybersecurity, risk management, or a related field.
Significant practical experience will be considered in lieu of degree.
3-5 years of experience in IT risk management, IT security, or regulatory compliance.
3+ years of experience with IT General Controls rationalization and testing on Information Technology (i.e., Active Directory, Firewalls, Routers, Infrastructure, Databases, Logging, Monitoring, Change Management, Segregation of Duties, Cybersecurity, Application Security, IT operations, Network Security, and Cloud Computing).
Strong working knowledge of NIST frameworks (e.g., CSF, SP 800-53).
Proficiency in using GRC platforms to manage IT risk registers, conduct control assessments, and track remediation efforts.
Demonstrated ability to write and present detailed assessment reports and create comprehensive documentation.
Excellent analytical and communication skills, with the ability to present technical concepts clearly. Effective communication skills, both written and verbal, with the ability to convey complex concepts to diverse audiences.

Preferred Certifications, such as:
o Certified Information Systems Auditor (CISA).
o Certified Risk and Information Systems Control (CRISC).
o Certified Information Systems Security Professional (CISSP).
Experience with risk management in regulated industries (e.g., financial services).
Proficiency in using AuditBoard to manage IT risk registers, conduct control assessments, and track remediation efforts.

About Equiliem

Equiliem believes in empowering success. It's our job to cultivate relationships that connect people and employers in a way that is inclusive, intelligent, and allows both to thrive.

Across the U.S., leading companies in healthcare, government, engineering, manufacturing, professional services, and energy rely on us for their workforce solutions. Our recruiting and HR services include contract and direct hire staffing, Payrolling/EOR, Independent Contractor Compliance, and Managed Services.

For almost 30 years, we've helped shape our industry. Today, we continue to research, ask questions, and continuously enhance the candidate journey and client experience.

EEO Employer

Equiliem is an equal opportunity employer. We do not discriminate or allow discrimination based on race, color, religion, creed, sex, age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Equiliem will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at [email protected] or .
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
