Senior IT Risk Analyst

Overview

POSITION OVERVIEW

Fidelity National Financial (FNF) is currently seeking a highly motivated results-driven Senior IT Risk Analyst with a solid background in identifying and managing IT and security risks. Proficient in independently conducting IT and security risk assessments and recommending effective risk management strategies. Adept at collaborating with cross-functional teams and stakeholders to properly calculate inherent and residual risk levels. Strong analytical thinking and problem-solving abilities to be coupled with a deep understanding of IT infrastructure and cybersecurity principles. Committed to continuous improvement and staying updated with the latest security trends, technologies, and emerging IT and security risks.

LOCATION

• This position sits at our HQ in Jacksonville, FL
• Hybrid schedule – Monday, Wednesday, Friday work from home. Tuesday and Thursday, onsite.
• Ability to travel 5% as needed

DUTIES & RESPONSIBILITIES

• Lead IT and security risk management activities, including risk identification, assessment, mitigation, and reporting
• Plan, conduct, and manage IT and security risk assessments, including annual and ad hoc assessments, and develop comprehensive reports for stakeholders
• Serve as an expert in information security and information technology, advising business units, security, and IT teams on risk-related issues, control enhancements, and emerging IT and security risks
• Facilitate technical discussions with stakeholders to assess IT and security risks associated with existing and new technologies or business initiatives
• Collaborate with cross-functional teams to operationalize the risk management framework and ensure alignment with business objectives
• Monitor and improve risk and control indicators, such as inherent risk, control effectiveness, and residual risk, and track remediation efforts
• Develop and maintain documentation related to IT and security risks, frameworks, processes, and controls
• Lead continuous improvement initiatives for the risk management program to ensure effectiveness and scalability
• Prepare and deliver risk-related presentations and status updates to senior management and stakeholders
• Maintain expertise in industry trends, cybersecurity frameworks, and best practices
• Mentor and support team members to enhance their understanding of IT and security risks
• Other duties as assigned

MINIMUM REQUIREMENTS

• Bachelor’s degree in a technology, security, or related field, complemented by relevant certifications and work experience
• 7–10+ years of experience in IT and security risk management
• Extensive knowledge and experience conducting IT and security risk assessments, including the ability to lead risk workshops, assess controls, document results, generate risk assessment reports, create and follow-up on remediation
• Strong understanding of IT and security risk concepts, processes, and controls, with the ability to converse at a technical level
• Expertise in assessing risks and controls related to securing applications and technology platforms
• Experience with GRC tools (e.g., BWise/SAI360) and risk reporting processes
• Strong communication, organizational, and analytical skills
• Knowledge of IT and security risk frameworks such as NIST CSF, COBIT, CIS CSC, Cloud Controls Matrix, ITIL

PREFERRED EXPERIENCE

• Professional certifications such as CISSP, CISA, CRISC, Security+, or FAIR certification
• Proficiency in regulatory and compliance requirements, including SOC 2, NYDFS Cybersecurity Regulation, and NAIC Insurance Data Security Model Law
• Experience with PowerBI