Technology Risk Analyst
Maine - Remote Office, United States
Full Time Entry-level / Junior USD 83K - 110K
WEX
WEX is the global commerce platform for fuel and fleet, employee benefits, and business payments. Simplify your business and let WEX handle the complex.About the Team/Role
The Technology Risk Analyst is a critical role within the Risk Management group at WEX. This role will directly support our Technology SOX, SOC1, SOC2, and HITRUST audits. This role works closely with technology practitioners in the first line of defense as well as our internal and external auditors.
Support various IT Audits and Examinations including operational audits, SOX, SOC1, SOC2, and HITRUST.
Work closely with Internal Audit and External Audit teams to facilitate all interactions with technology practitioners.
Ensure Audit requests for evidence are satisfied in a timely and complete manner.
Schedule, plan and lead technology process walkthroughs with control owners and internal audit groups.
Facilitate meetings, take meeting minutes, document issues and actions for resolution.
Track all technology control issues, ensure management corrective action plans are defined, address the root cause of the issue and oversee progress of remediation.
Facilitate general awareness and training related to SOX, SOC1, SOC2, and HITRUST.
Perform Technology Control Assessments in support of SOX, SOC1, SOC2 and HITRUST.
Advise technology practitioners on the proper design and implementation of Technology Controls (example: Identity & Access Management, Change Management, Backup Operations, Network Operations, Job Scheduling, Incident Management, and Logging & Monitoring)
Develop, track and report on results of work using our GRC tools.
As needed perform risk and deviation analysis on identified audit issues to understand root cause of failure, overall impact to the organization and identify mitigating and compensating controls in place to manage the risk.
Experience you'll bring
Education: Bachelor’s degree in a related technical discipline, or the equivalent combination of education, technical certifications, training, or work experience required.
Experience: 5 years of related experience in IT risk management, internal audit, project management or IT Governance required.
Understanding of broad technology concepts such as: Access Controls, Disaster Recovery, Change Management, IT Service Management, IT Security, Cloud technologies, and Information Security controls.
Knowledge of Risks and Controls framework and methodologies.
Successfully complete a background investigation.
Preferred Qualifications
Financial services industry experience, consulting, Regulatory/ IT Audit, Big 4, or IT service management preferred.
Relevant certifications such as CRISC, CGEIT, CISA, and CISSP preferred.
Complexity:
Works on problems of diverse scope where analysis of data requires attention to detail and evaluation of identifiable factors.
Demonstrates good judgment in selecting methods and techniques for obtaining solutions.
Networks with senior internal and external personnel in their own area of expertise.
Strong oral and written communication skills to work effectively with employees of all levels of the organization. Must be comfortable driving conversations related to risk and controls with teams of varied backgrounds.
Highly organized with the ability to prioritize and multitask.
Normally receives little instruction on day-to-day work, general instructions on new assignments.
Tags: Audits CISA CISSP Cloud CRISC Governance HITRUST Monitoring NetOps Risk management SOC 1 SOC 2 SOX
Perks/benefits: Competitive pay Flex hours Flexible spending account Flex vacation Health care Insurance Salary bonus
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.