Sr Technology Risk Analyst- Enterprise Data Engineering

Sr Technology Risk Analyst- Enterprise Data Engineering

For this Sr Technology Risk Analyst opportunity, Citizens is looking for a candidate with experience in designing and configuring high performing data and analytical solutions that transform, integrate, and make data available for business solutions. You will be responsible for providing technical risk oversight of data processing/transformation processes, primarily in a public cloud (AWS) but also on-premises. This is an oversight/governance position that does not require actual solution design or hands-on configuration.

The candidate will join a first-line-risk team working directly with enterprise technology enablement teams (e.g. Data Engineering team, API team, BI team, etc.) to proactively identify, assess and mitigate risk as aligned with the enterprise risk appetite framework and industry best practices. Successful candidates will have prior technical contributor experience in large scale, hybrid-cloud computing, agile-CI/CD, DevSecOps enterprises. 

Exceptional candidates will standout by demonstrating prior experience with automation and operational knowledge of Python, SQL or other technical skillsets to deploy DevSecOps solutions such as Security Orchestration, Automation and Response (SOAR) and/or hold certifications such as CISA, CISSP, CISM, AWS Solutions architect, Collibra Ranger, CCDAK, IBM APIC CSI etc. 

Please note that this role is a low-to-no-code role which requires strong familiarity and functional knowledge of DevSecOps and related tools (Jenkins, Nexus, Bitbucket, API Connect, Confluent Cloud, AWS IAM, Splunk, ServiceNow, GRC Archer etc.), and candidates who have strong learning and communication skills and high confidence in their technology aptitude to identify risks appropriately are welcome to apply.

Responsibilities

• Act as a technical Subject Matter Expert on assigned projects and working groups responsible for identifying risks and controls inherent in various technical processes in the CI/CD pipeline and DevSecOps procedures.
• Collaborate directly with technical contributors supported by the risk team to document process maps, procedures, control adequacy worksheets, control test steps and job aides utilizing Visio, Confluence, and other enterprise documentation tools.
• Respond to internal and external audits, regulatory exams, and other requests for information. Assist in the evaluation of audit and examination findings and implementation of corrective action and needed responses. 
• Identify risk issues, create issue documentation in the enterprise system of record, GRC Archer, steward issue through second line approval, action plan and target date management and submit evidence for issue closure or significance downgrade when appropriate. 
• Analyze and interpret available risk and security data from GRC, Splunk, DataDog, ServiceNow, Nexus, Qualys and similar tools to identify risk trends, risk gaps, potential controls and risks.
• Partner with first-line-risk and third-party-risk colleagues to complete routine risk management tasks and ceremonies, such as Risk and Control Self-Assessments (RCSAs), Ad-hoc Risk Assessments, Business Initiative Risk Assessments, Procedure Updates, Complementary User Entity Control Reviews, Second Line Risk Management Challenges, and so on.
• Develop well-written, comprehensively-researched and data-driven risk reports within assigned deadlines.
• Act as a primary liaison with business stakeholders to identify, track, report, and continuously manage Technology Risk exposure associated with their day-to-day activities in an on-demand consultative capacity.
• Utilizing time-management and organizational skills as well as enterprise productivity tools such as Jira, manage multiple simultaneous time-sensitive workloads ensuring not to miss target dates, submission deadlines. 
• Stay current on changes to business processes, internal policy/standards, and industry trends in the evaluation of the potential impact on the banks risk profile.
• Establish and maintain an effective business relationship with business partners, key project stakeholders, Audit and Governance teams, and subject matter experts to advise and support the business lines in preventing and mitigating risk. 

Experience and Skills: 

• Technical capability or knowledge of Information Technology, Information Security, and/or Data Management, including some of the following:
  • Cloud Technologies (AWS, Azure, etc.).
  • Coding languages such as Java, JavaScript, C, Python, .Net, Node, SQL, Rust, Python.
  • Operating systems such as Linux, Windows, VMWare ESX.
  • Database technologies
  • Application design, network architectures, monitoring and fault management.
• Experience with tools such as Excel and Tableau for collecting, analyzing and interpreting data from multiple sources, documenting the results and providing meaningful analytic products.
• Strong interpersonal skills to effectively communicate complex technical and risk matters with a view to drive understanding and alignment across a variety of technical and non-technical audiences.
• Strong research, critical/analytical thought process, problem solving and writing skills.
• Flexible and adaptable to change; ability to work comfortably with incomplete information and deal with ambiguity in a fast-paced environment.
• Project management and autonomous prioritization skills to support complex concurrent assignments.

Education:

• Minimum of 5 years of IT contributor, risk management or equivalent experience
• Master’s Degree (Finance/ Business / Security / IT Related) or Bachelor’s Degree and equivalent career experience 

Certifications Preferred:

• Certifications in Information Technology, Security, Design and/or risk certifications preferred but not required (e.g., CISA, CISM, CCNA, CISSP, CRISC or AWS certified Cloud Practitioner).

Pay Transparency 

The salary range for this position is $131,000-$197,000 per year plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience.   

We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens’ paid time off policy exceeds the mandatory, paid sick or paid time-away policy of very local and state jurisdiction in the United States. For an overview of our benefits, visit https://jobs.citizensbank.com/benefits.