• Senior Analyst, IT Risk Management

    Raymond James Financial, Inc. (St. Petersburg, FL)


    Job Description

    **Note:** This position follows our hybrid-friendly schedule, so you get the best of both worlds – flexibility and collaboration. In office days will be 2-3 per week averaging 10-12 days per month in our St Petersburg, FL Corporate Office.

    Job Summary:

    This role serves as the IT Functional Business Unit Risk Manager (BURM) duties and acts as the day-to-day driver for risk reporting and management. This role will work closely with Senior Leadership, including the named BURM, and regularly brief executives on our Enterprise Risk Board.

     

    Conducts IT risk assessments, evaluates controls, and provides feedback to management and process owners on the design and effectiveness of Technology control processes. Implements and maintains ongoing programs and processes to test the design and operational effectiveness of IT controls. Responsible for ensuring IT assurance and compliance-related activities are completed in accordance with industry standards and regulatory requirements. Builds and maintains "Trusted Advisor" status as a foundation for achieving influence and obtaining a commitment from IT teams.

     

    Performs threat-based risk assessments to understand how new/emerging threats could impact the firm, and make remediation recommendations. Utilizes escalation channels, avoiding over and under escalation. Is the primary on the most complex or escalated issues and may provide direction and guidance to team members. Applies specialized business knowledge and technical skills to significant deliverables and projects that involve multiple IT departments, and business units and have enterprise impact. Is able to make judgments and recommendations based on the analysis and interpretation of data.

    Essential Duties and Responsibilities:

    + Responsible for IT Functional Business Unit Risk Manager (BURM) duties

    + Maintain the IT risk register, EITRB deck, ORMC/Risk Committee of the BoD decks, issues management, CRI Profile adherence, and Key Risk Indicator (KRI) submissions.

    + Seeks understanding of risks and procedures sufficient to understand the reasons for tasks being performed.

    + Serves as a senior information risk and control advisor, participating in IT processes and activities (e.g., planning, systems development and product selection, etc.).

    + Advises process owners on the design and implementation of IT controls (manual and automated) into processes and systems using knowledge of risks and company objectives.

    + Identifies, implements, and maintains processes and tools to support assurance, compliance, and remediation tracking activities (e.g., testing, maintenance of controls documentation).

    + Maintains IT controls-related documentation (e.g., narratives, process flows, RCM) for simple to complex information systems in support of information assurance and compliance activities.

    + Develops and uses basic interview techniques and participates in facilitated risk identification sessions.

    + Analyzes controls for adequacy of design and performs and/or supports control assurance testing activities.

    + Assists IT process owners, in the creation and maintenance of IT policies and procedures to support information assurance and regulatory compliance activities, by providing input on control objectives and activities.

    + Works closely with internal and external auditors, regulators, and examiners, including coordination and compilation of technology documentation requests, reports, and assurance letters to ensure IT compliance.

    + Performs other duties and responsibilities as assigned.

    Education/Previous Experience:

    + Minimum of a Bachelor’s degree in Computer Science, Cybersecurity, MIS or related degree and three to five (3-5) years of relevant experience in auditing or risk assessing or combination of education, training and experience.

    + Knowledge of FFIEC CAT or other security frameworks

    + Familiarity with Enterprise Risk Management concepts and processes

    + Experience Interfacing with Internal Audit and regulators

    + Experience with ServiceNow platform, IBM OpenPages

    + Executive-level briefing and communication skills

    + Organization skills and precise attention to detail

    + Effective in managing, influencing and negotiating with senior stakeholders within IT, Internal Audit, and Regulators.

    + Experience with regulatory exams and audits (FINRA, FRB, OCC, SEC, etc.) is a strong plus.

    + Experience in enterprise risk management concepts and risk assessments.

    + Experience within a highly regulated environment like Financial Services required.

    + May occasionally work a non-standard shift including nights and/or weekends and/or have on-call responsibilities.

    Advanced knowledge of the following:

    + IT controls and risks sufficient to identify and evaluate control effectiveness and identify gaps between risks and controls.

    + Recognized IT control frameworks and standards (e.g., COBIT, ITIL, and ISO 17799).

    + Accepted industry audit and control standards (e.g., AICPA, ISACA).

    + State and federal information protection and control-related legislation (e.g., GLBA, SOXA 404, SB 1386, HIPAA, etc.).

    + Technical skills and proficiency in a wide array of platforms and systems (e.g., Windows, UNIX, SQL, Tandem).

    Licenses/Certifications:

    + Industry recognized certifications preferred but not required

    Education

    Bachelor’s: Computer and Information Science, Bachelor’s: Computer Systems Analysis, Bachelor’s: Information Technology, High School (HS) (Required)

    Work Experience

    General Experience - 3 to 6 years

     

    Certifications

     

    Travel

     

    Less than 25%

     

    Workstyle

     

    Hybrid

     

    At Raymond James our associates use five guiding behaviors (Develop, Collaborate, Decide, Deliver, Improve) to deliver on the firm's core values of client-first, integrity, independence and a conservative, long-term view.

    We expect our associates at all levels to:

    Grow professionally and inspire others to do the same

    Work with and through others to achieve desired outcomes

    Make prompt, pragmatic choices and act with the client in mind

    Take ownership and hold themselves and others accountable for delivering results that matter

    Contribute to the continuous evolution of the firm

     

    At Raymond James – as part of our people-first culture, we honor, value, and respect the uniqueness, experiences, and backgrounds of all of our Associates. When associates bring their best authentic selves, our organization, clients, and communities thrive. The Company is an equal opportunity employer and makes all employment decisions on the basis of merit and business needs.