Senior Technology Risk Analyst

At BBH we value diverse backgrounds, so if your experience looks a little different from what we've outlined and you think you can bring value to the role, we will still welcome your application!

What You Can Expect At BBH:

If you join BBH you will find a collaborative environment that enables you to step outside your role to add value wherever you can. You will have direct access to clients, information and experts across all business areas around the world. BBH will provide you with opportunities to grow your expertise, take on new challenges, and reinvent yourself—without leaving the firm. We encourage a culture of inclusion that values each employee’s unique perspective. We provide a high-quality benefits program emphasizing good health, financial security, and peace of mind. Ultimately we want you to have rewarding work with the flexibility to enjoy personal and family experiences at every career stage. Our BBH Cares program offers volunteer opportunities to give back to your community and help transform the lives of others.

At Brown Brothers Harriman, we believe no job is too big or small for any of us to handle if it helps our clients. We value passionate, committed people who enjoy collaborating with others to find new solutions to complex business challenges. We are looking for the type of person who speaks their mind, truly listens and steps outside their role to add value wherever they can.  Someone who is driven to get things done and views obstacles as an exciting challenge that demands a creative solution. Above all, we seek someone who takes great pride in their work and is inspired and motivated by their role in protecting and enhancing our client’s financial well-being.

If you are looking for an entrepreneurial environment where you can learn and thrive, Brown Brothers Harriman is the right place for you.

Join us as a Sr. Technology Risk Analyst!

Brown Brothers Harriman is currently recruiting Sr. Cyber & Technology Risk Analyst to join our Cyber & Technology Risk Management team. Cyber & Technology Risk Management is core pillar of the Enterprise Risk Management group within BBH.

The Sr. Technology Risk Analyst will drive the risk management through control analysis and risk assessments for the Systems organization.  The Sr. Technology Risk Analyst will coordinate and conduct IT risk and vulnerability assessments and supports the design and implementation of controls to mitigate risks.  This position is responsible for supporting and offering insight to IT and the Business into the risk identification, assessment, mitigation and reporting activities that help reduce operational IT risk. 

Some of your key responsibilities include:   

• Risk Assessment and Management:
  • Identify and evaluate IT risks related to application development, application production support, database administration, data movement, middleware, distributed technologies, mainframe, data storage, desktop support, end-user computing and other infrastructure components.
  • Monitor technology risks for new and emerging initiatives and recommend proactive measures to address them.
  • Assess current technology control inventory and identify where a key control is needed or where a redundant control can be removed
  • Partner with fellow risk managers and risk governance team to identify and test controls to assess control effectiveness
  • Partner with senior risk managers to help conduct Risk and Control Self-Assessments (RCSAs) in specific Systems domains
  • Develop and implement risk management strategies to mitigate identified risks.

• Policy and Compliance:
  • Ensure compliance with regulatory requirements such as NY-DFS and industry standards (DORA) related to IT risk management.
  • Develop, implement, and enforce IT risk management policies and procedures.
  • Partner with risk governance team to conduct annual refresh of IT standards and procedures
  • Collaborate with internal and external auditors to address compliance issues and audit findings.

• Application Development Oversight:
  • Assess risks associated with new and existing applications, ensuring secure development practices.
  • Work with development teams to implement best practices for application security and data protection.
  • Evaluate third-party applications for security risks and compliance with bank policies.
  • Gauge the level of risk associated with risk exception requests by liaising with application development teams.

• Database (DB) Security:
  • Conduct annual DB user access attestations to ensure continued compliance with standards
  • Oversee the security and integrity of the bank's databases, ensuring data is protected from unauthorized access.
  • Collaborate with database administrators to implement robust data protection measures.
  • Partner with cyber monitoring team to monitor database activities and address vulnerabilities and incidents promptly.
  • Gauge the level of risk associated with risk exception requests by liaising with database administration teams

• Incident Response and Management:
  • Carry out post-incident response to IT security incidents by mapping incident root cause to controls and optimize as needed
  • Partner with the Business Continuity Planning (BCP) team to maintain and update the bank's IT incident response plan in compliance with industry regulations.

• Collaboration and Communication:
  • Work closely with IT, compliance, and the other risk management teams to align technology risk management with overall risk strategy.
  • Communicate IT risk management strategies and policies to stakeholders across the organization.

Qualifications include:

• Bachelor’s degree in IT or related discipline or specialized training required
• 8+ years of relevant technology risk or related Cyber or Core Infrastructure experience (engineering, cyber, technology control assurance, Technology Operations)
• 3+ years’ experience in the financial services industry preferred
• Strong interpersonal and relationship management skills with a demonstrated ability to work in a changing Application Development environment, [and produce results although the ask can often be ambiguous][This is a bit strange]
• Experience with IT risk and threat assessment methodologies
• Knowledge of Cyber security protocols and industry best practices
• Knowledge of operating platforms, database and sub-system platforms and products
• Basic knowledge of IT regulatory and compliance requirements
• Experience with standard desktop tools, including Microsoft Office
• Ability to weigh business needs against risk concerns and articulate issues to management
• Ability to handle multiple priorities, while meeting deadlines
• Strong problem solving, organizational and project management skills
• Strong written and verbal communication skills
• Preferably holds one or more of the following or equivalent certifications: CISSP, CISM, CISA, CIA, CRISC, CGEIT CIAC, ISO
• Experience with industry standard GRC Tools

This role can be based in our Jersey City or Boston locations and is a hybrid role, with three days per week in office.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, age, genetic information, creed, marital status, sexual orientation, gender identity, disability status, protected veteran status, or any other protected status under federal, state or local law.

   

Salary Range

Jersey City salary: $110k-$150k + annual bonus target

BBH’s compensation program includes base salary, discretionary bonuses, and profit-sharing. The anticipated base salary range(s) shown above are only for the indicated location(s) and may differ in other locations due to cost of living and labor considerations. Base salaries may vary based on factors such as skill, experience and qualification for the role. BBH's total rewards package recognizes your contributions with more than just a paycheck—providing you with benefits that enhance your experience at BBH from long-term savings, healthcare, and income protection to professional development opportunities and time off, our programs support your overall well-being.