The Senior IT Risk Analyst provides technical expertise and supports Digital Technology & Innovation (DTI) in identifying, assessing, documenting, and resolving IT risks. This role serves as a key core team member in drafting IT risk analyses for all IT related processes. The role reports to the Director, DTI Risk Management and performs the DTI Risk Management and Fresenius Medical Care Enterprise Risk Management processes. The individual will help drive critical cyber security risk management initiatives across the enterprise.
PRINCIPAL DUTIES AND RESPONSIBILITIES:
Conduct IT risk assessments, using subject matter expertise, to identify both inherent and residual risk ratings.
Apply sound judgment in evaluating risks and controls; effectively challenge IT customers on the identification and acceptance of risks and the adequacy of controls and mitigating factors.
Partner with risk owners and stakeholders to obtain appropriate risk response plans and monitor risk response plans
Assist with oversight and communication of the portfolio of IT related risks with limited oversight.
Understand and stay current on best practices and guidance on achieving security.
Partner with other groups within DTI, Global Internal Audit, and Enterprise Risk Management to ensure risks are appropriately communicated and remain consistent with the ever-changing enterprise/industry risk environment.
Develop procedures to support the execution of operational risk processes.
Evangelize security best practices in dealings across all BU's and departments.
Maintain strong knowledge of risk management practices and IT best practices.
Build and maintain strong relationships with personnel across all Business Units.
Review and comply with the Code of Business Conduct and all applicable company policies and procedures, local, state and federal laws and regulations.
Assist with various projects as assigned by a direct supervisor.
Other duties as assigned.
EDUCATION:
Bachelor's Degree in Management Information Systems, Computer Science, or business/science related field required
EXPERIENCE AND REQUIRED SKILLS:
5-8 years of experience working with internal/external audits or risk management - methods and techniques for the assessment and management of risk.
Ability to operate as a pro-active and result-driven problem solver with excellent analytical and interpersonal skills.
Ability to understand IT processes, management objectives risk appetite and tolerances and impact of objectives, risk appetite and tolerances and impact of changes to risk profiles.
CISA, CISSP, CRISC, or other relevant certification(s) desired.
Strong client services orientation and communication skills coupled with a high sense of urgency to keep appropriate partners informed, including solutions to overcome obstacles to deliver to expectation.
Strong understanding of risk management, integration with enterprise risk management, and the integration with business strategy.
Solid understanding of IT Audit best practices. Former Big 4 IT auditor or Financial Services IT risk management experience preferred.
Experience in IT governance, risk, and controls, including governance frameworks.
Demonstrated technical writing, communication, and presentation skills.
Ability to work effectively in a team environment.