10874 - Sr. Risk Operation Analyst - Integrated Risk Management "IRM"

• Maintain and evolve the enterprise technology control library, ensuring alignment with internal policies, standards, and external frameworks (e.g., NIST CSF 2.0, ISO 27001, CIS).
• Own the lifecycle management of technology risk policies and standards, including updates, reviews, approvals, and communications.
• Ensure controls, policies, and standards are clearly mapped to regulatory, legal, and business requirements.

• Run and continuously improve core Risk Operations processes, including:
  • Technology Risk Assessments (consistently assessing the inherent risk, control effectiveness within the environment )
  • Risk Issue Management (identification, validation, remediation tracking, closure)
  • Risk Exception Management (intake, assessment, approvals, renewals, expirations)
• Ensure risk processes are executed consistently, on time, and in accordance with defined methodologies.
• Act as a subject matter expert for risk process guidance to technology, security, and business teams.

• Design, build, and maintain risk dashboards and reporting that provide transparency into:
  • Open risk issues and remediation status
  • Exception volumes, aging, risk aggregation and trends
  • Risk assessment outcomes and key risk indicators (KRIs)
• Translate risk data into meaningful insights for senior leadership, customers and risk committees.
• Ensure accuracy, completeness, and audit-readiness of risk data across systems.

• Partner closely with Customers, Senior and Executive Leaders, Legal and other groups, to drive timely remediation and risk ownership.
• Support internal and external audits, regulatory inquiries, and risk governance forums with clear documentation and reporting.

• Identify opportunities to streamline and automate risk operations workflows.
• Support enhancements to GRC and risk tooling, including requirements definition, testing, and adoption.
• Contribute to the maturation of the Integrated Risk Management operating model.

• Experience: 7+ years of experience in Technology Risk, Cyber Risk, GRC, or IT Risk Management. Hands-on experience running technology risk assessments, issue management, exception processes and maintaining control libraries, policies, and standards. Familiarity with GRC platforms.
• Education: Bachelor’s degree in Cybersecurity, Information Technology, Computer science or a related field.
• Technical Expertise: Strong knowledge of technology control frameworks (e.g., NIST CSF/800-53, ISO 27001, CIS). Proven ability to create risk dashboards and executive-level reporting. Strong analytical, documentation, and process design skills
• Language Skills: Excellent stakeholder management and communication skills. Proficient in English for effective communication and coordination.

• Experience: Team leadership experience working within a CISO organization or large enterprise technology environment.  Implementation or maintenance experience with GRC platforms. 5+yrs experience in a top tier professional services firm, performing technology audit and/or risk management engagements.
• Education and Certifications: Masters degree in Cybersecurity, Information Technology, Computer Science or a related discipline is preferred. Industry-recognized credentials such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer are highly desirable.

• Language Skills: Bi-lingual in English and Korean language proficiency is preferred to support global coordination and communication.

Powered by JazzHR