Technology Risk Analyst

Location US-NY-Long Island City


Serve the people who serve the world by joining a dynamic organization dedicated to enriching the lives of its members, who in turn are dedicated to maintaining international peace and security. The position includes analyzing both internal and external risks related to technology and understanding their potential impact on delivering on our mission, vision, and core values. Analysis entails obtaining an interconnected enterprise understanding of risks and recommending response strategies to risks such as financials, competition, internal controls, analytics, modelling, protecting, and ensuring the privacy of members’ information globally. Requires independence in performing oversight of the organization’s risks related to technology, which are embedded throughout the organization and with third parties.


The Enterprise Risk Management (ERM) department welcomes bold and diverse thinking. It is not part of the Technology department, which houses IT, Engineering, and Information Security. Rather, ERM is an oversight function whose purpose is to ensure that the organization does not take risks that will jeopardize delivering on our Strategy, Mission, Vision, and Core Values.


  • Develop and manage an ongoing technology risk program as part of the overall ERM Program with the purpose of providing assurance that enterprise-wide technology risks (including information security risk) are effectively managed (e.g. identifying, measuring, mitigating, monitoring, reporting) and within risk appetite.
  • Provide knowledge, oversight, and challenge of interdependent technology and business risks related to items such as business continuity planning, disaster recovery, security controls, infrastructure, data management, project management, new systems/technologies, financial risks, and third-party risk management.
  • Provide risk oversight of technology activities such as determining whether existing information security controls are effective. Furthermore, risk oversight includes providing challenge and collaborating closely with Information Technology (IT) and Information Security (IS) personnel in understanding and developing effective risk management practices.
  • Perform independent risk identification and development of monitoring reports on IT, IS, third-party risk, etc. This also entails reviewing existing reporting and data to explain trends, exceptions, and to identify emerging technology risks and issues.
  • Develop risk measures/dashboards that measure risk and effectiveness of the technology risk program.
  • Facilitate administration and integration of risk data on a Governance, Risk, and Compliance system.
  • Assess adequacy of existing controls; determine and propose new appropriate controls for technology-related risks.
  • Maintain a good understanding of the structures and main activities of the ERM Department and how it supports the needs of the organization and its members.



  • Bachelor's degree (or Associate’s degree with requisite experience) with majors or minors in any of the following: Computer Science, Languages, Literature, Information Science, Engineering, Information Systems, or related fields, coupled with related work experience supporting the delivery or improvement of IT services and systems 
  • Technologist with more than 2 years in IT and IS related work is preferred, i.e. experience in technology field, including IT control environments or comparable experience working in roles such as technology startups, or as a consultant in a professional services firm delivering IT advisory services
  • Experience in planning complex projects, influencing product design and balancing business vs. technology benefits during all phases of a project lifecycle
  • Familiarity with IT governance and controls, including governance frameworks, COBIT, FFIEC, COSO, ISO-31000, NIST, ISO, BITS, etc.
  • Experience in process improvements and ability to drive results across multi-disciplinary teams



  • Experience with IT and IS regulatory requirements is preferred
  • Ability to dive into unstructured data and produce actionable insights
  • Demonstrated in-depth technical capabilities and practical knowledge of technological concepts
  • Experience and familiarity with the following competencies are recommended:
    • IT systems integration
    • Technical delivery and agile transformation
    • IT transformation/complex program management
    • Program/portfolio architecture
    • Business and IT alignment
    • IT organizational change management
    • IT cost optimization and budget/financial and enterprise resource management
    • IT service/delivery management, including shared services.
    • Ability to understand IT business processes, management objectives, risk appetite and tolerances and impact of changes to risk profiles



  • Excellent verbal, written and interpersonal communication skills, facilitation and consensus-building skills and a high degree of personal initiative and attention to detail
  • Conceptual and practical thinking and implementation skills
  • Demonstrated relationship-building skills, with a superior ability to make things happen through the use of positive influence
  • Ability to work effectively in a small team while developing and maintaining strong working relationships with all levels across the organization
  • Ability to adapt, pivot, and handle multiple tasks simultaneously and meet established deadlines or changing priorities
  • Ability to independently plan, coordinate, and manage workload. Maintains an awareness of workload not directly under their control and demonstrates flexibility in making most effective use of resources to achieve objectives
  • Curious with analytical, influencing, problem solving, and negotiation skills
  • Strong self-management, sense of ownership, and organization skills
  • Ability to employ project management techniques to support and/or undertake projects recognizing and planning for particular areas of uncertainty
  • Motivated in learning new technologies and in identifying process improvements and efficiencies
  • Sound judgment when presented with difficult decisions, especially when only partial information is available
  • Can take initiative in a dynamic environment and is eager to learn and grow
  • Critical thinker with the ability to discern areas of risk, trends, and patterns
  • Has a risk management mindset, with the ability to challenge the status quo
  • Ability to learn quickly and “connect the dots”, with a strong track record of developing ideas from concept to deployment and delivering win-win solutions for the business
  • Can display positivity, kindness, and humility
  • Value creativity, out-of-the-box thinking, and problem solving



  • Standard office conditions


In addition to any specific job requirements in connection with Bank Secrecy Act and/or OFAC (BSA), employee must (i) be aware of BSA matters commensurate with the position; (ii) report any suspicious activity to the manager or compliance department; and (iii) satisfactorily complete any required BSA training.

