IT Risk & Governance Analyst

Boston, MA



  • IT Risk Management: Lead the identification, documentation, monitoring and mitigation of IT risk. Own, support and evolve the IT risk management framework, including internal and management reporting, to ensure risk considerations are addressed as IT services and capabilities expand. Apply knowledge of frameworks such as ITIL and COBIT to ensure the company’s risk management is consistent with industry standards. Liaise with business units to ensure the IT risk management approach accommodates industry requirements.
  • Business Continuity Planning and Disaster Recovery (BCP/DR): Support BCP planning and testing for the company. Conduct business impact assessments, identify and document plan updates, support test planning, record signoffs and produce related testing documentation.
  • Change Management: Champion the IT change management process. Improve / modernize / optimize the change management policy and procedures to ensure the process supports business needs while meeting high standards required by internal and external auditors. Measure and monitor processes to identify exceptions and / or deviations and ensure compliance with the policy.
  • Vendor Management: Manage the company’s vendor due diligence and assessment process to ensure consistent monitoring of performance and awareness of risk in new and ongoing vendor relationships. Review due diligence materials, author assessments and aid other IT and business staff in conducting vendor risk analysis.
  • Control Logging, Monitoring and Reporting: Manage the IT control oversight process, including the design and evaluation of controls, enforcement of and participation in control execution, and related control status logging. Duties include not only timely completion of existing controls but also improving control efficiency and effectiveness through better use of technology. Facilitate IT responses to internal and external audit inquiries.
  • Cybersecurity Awareness & Oversight: Work closely with the Head of IT to oversee the firm’s outsourced Managed Security Service Provider. Activities include security awareness training, policy reviews, phishing tests, vulnerability assessments, security reporting, and security posture calls with vCISO and dedicated security analysts.





Note: Qualified candidates will be contacted within 2 business days of application. If you do not meet the above criteria, we will keep your resume on file for future opportunities and may contact you for further discussion.

Date Posted 12/10/2019
Salary $75,000 - $95,000 + bonus