Technology Risk Analyst (Remote)

Location:

For Those Who Work At Home - Various, Ohio 44145

The Technology Risk Analyst is a 2nd Line of Defense risk management position that provides independent oversight and Risk Management subject matter expertise to 1st Line of Defense Business units and their corresponding Business Risk and Control Analysts.

This position is responsible for Operational Risk oversight of the Key Technology and Operations Services line of business, as well as technology risk oversight for areas of the enterprise that manage technology. As part of this oversight role, experience with technology delivery, operations, architecture, governance, information security, and the ability to leverage that experience to identify material risks, provide credible challenge and assist in developing effective mitigation strategies.

Responsibilities include providing guidance and oversight on current and emerging legal, regulatory, and operational risk issues, monitoring and measuring operational risk performance, and reviewing and challenging strategy (initiative, products, third parties, clients), and other operational risk activities associated with line of business risks, control design & implementation, testing, remediation, loss analysis, key risk indicators/metrics.

Essential Job Functions

• Escalates promptly to appropriate senior management or appropriate risk committee any material breaches of applicable laws, rules, policies or standards with actual or potential operational risk impact, and necessary correction action.
• Assist in the response to ongoing regulatory and legal inquiries and investigations.
• Responsible for assisting with the ongoing development and implementation of the Major Line of Business (LOB) Operational Risk teams strategic plan to accomplish its Annual Operational Risk objectives, to include among others: the development and implementation of Operational risk policies and procedures; assessment, monitoring and testing; establishment of line of business accountability and escalation and reporting processes.
• Engage with leaders to understand their point of view on performance of their operations, emerging risks and strategic opportunities and initiatives.
• Evaluate the technology portfolio of projects, improvement efforts and strategic initiatives to ensure adequate investment in risk mitigation efforts in alignment with our risk tolerance and appetite
• Develop and maintain positive working relationships with internal clients, staff, peers, other risk partners, and LOB senior management.
• Responsible for primary execution of Operational Risk oversight and help guide and influence implementation of operational policies and/or procedures to mitigate risk within appetite.
• Evaluate major projects, strategic initiatives and new products for technology and information security risks
• Other duties as assigned
• Assist in building, maintaining and executing against a cyclical schedule of independent, risk-based assessments
• Perform regular monitoring of a series of reports, trigger events, emerging technologies, industry trends and other items to identify emerging risks
• Manage 2nd LOD requirements related to the Governance, Risk & Compliance application and Risk Assessment Processes.
• Analyze and provide feedback around risks associated with the offering of new and/or enhanced products, services, processes, business initiatives and outsourced third party activities.
• Provide authoritative and consultative advice and support to management utilizing independence yet providing pro-business solutions.
• Respond to internal and external audits, regulatory exams and requests for information and provide review & challenge of any line of business responses to internal and external audits. Assist in the evaluation of audit and examination findings and implementation of corrective action and needed responses.
• Evaluate risk and control identification within key processes and perform gap assessments on control coverage as well as first line of defense identification processes

Required Qualifications

• Capable of conducting in depth testing of systems, processes and controls
• Have an execution oriented, process efficiency and continuous improvement mindset
• Cloud Security Alliance Certs: CCAK
• Familiarity with Microsoft Office tools such as Excel, Teams, and the proven ability to learn how to use other unique technologies.
• Proven ability to have, maintain, and establish strong contacts within the industry so as to be aware of current industry issues and practices
• Bachelors Degree or equivalent experience
• Ability to view risk holistically within a dynamic, fast paced team environment
• Possessing intellectual curiosity and a passion for seeking to understand
• ISC2: CISSP, CCSP, SSCP
• In-depth practical knowledge of internal controls, risk assessments and operational and compliance processes, and applicable techniques for implementation of compliance and legal requirements and operational processes.
• Manage workflows and task assignment to ensure timely completion of work
• Demonstrated ability to work with internal and external auditors and regulators.
• Outstanding active listening skills
• Minimum of 8-10 years industry experience, within Operational Risk, Enterprise Risk, Technology Risk, Information Security Risk, External/Internal Audit or in the technology or information security lines of business.
• Cloud Provider-Specific Certifications
• Obtained or actively studying for at least one of the following certifications:
• ISACA: CISA, CRISC, CET, CGEIT, CISM
• Ability to think strategically coupled with the ability to drive to execution

Preffered Qualifications

• Current and practical knowledge of Technology and/or Information Security activities, challenges, and workflows
• Experience working in the financial services industry and or a second line oversight function for a financial institution
• Foundational knowledge of Archer GRC preferred
• MBA, or other relevant advanced education in business, finance, technology, or economics
• Additional industry certifications such as those listed above
• Project management, Agile experience preferred

Compensation And Benefits

This position is eligible to earn a base salary in the range of $92,500 to $130,000 annually depending on location and job-related factors such as level of experience. Compensation for this role also includes eligibility for short-term incentive compensation and deferred incentive compensation subject to individual and company performance.

Please click here for a list of benefits for which this position is eligible.

Key has implemented a role-based Mobile by Design approach to our employee workspaces, dedicating space to those whose roles require specific workspaces, while providing flexible options for roles which are less dependent on assigned workspaces and can be performed effectively in a mobile environment. As a result, this role may be mobile or home based, which means you may work either at a home office or in a Key facility to perform your job duties.

KeyCorp is an Equal Opportunity and Affirmative Action Employer committed to building a diverse, equitable and inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or other protected category.

Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing [email protected].