Sr. IT Risk Oversight Analyst (Hybrid)

Job Summary:

The Sr. IT Risk Analyst will lead the identification, assessment, and mitigation of Technology risks across the enterprise. IT Risk Analysts use their knowledge and expertise to examine systems and procedures to identify technology-related risks and controls related to Identity and Access Management (IAM), Data, Privacy, IT Asset Management (ITAM), Infrastructure, Business Continuity and Disaster Recovery (BCP/DR), etc. Responsibilities include assessing the adequacy of the IT control environment.

Job Duties And Responsibilities:

• Develop an understanding of Synovus' Technology Risk Management (TRM) framework with a focus on the Technology risk categories.
• Identify risk and controls that meet specific criteria that align to technology frameworks.
• Identify risk and controls that meet specific criteria that maps to COBIT Management Objectives.
• Lead Technology partners in Risk Control Self-Assessment (RCSA) workshops to assess IT risks and document the results. Work with management to document action plans to close control gaps.
• Identify and develop new metrics based on the operational and technology risk frameworks
• Investigate and document technology events including incidents, loss events, audit findings, regulatory findings, etc.
• Each team member is expected to be aware of risk within their functional area. This includes observing all policies, procedures, laws, regulations and risk limits specific to their role. Additionally, they should raise and report known or suspected violations to the appropriate Company authority in a timely fashion.
• Performs other related duties as required.

The information on this description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.

Synovus is an Equal Opportunity Employer committed to fostering an inclusive work environment.

Qualifications

Minimum Education:

• Bachelor's degree in related field or an equivalent combination of education and experience.

Minimum Experience:

• Five years experience identifying, documenting and evaluating IT risk and controls; prior work experience in the capacity of Technology, Information Security, Risk Management, IT Audit, or related field is required.

Required Knowledge, Skills, & Abilities:

• Strong understanding of technology and information security concepts
• Strong analytical and problem solving skills including the ability to probe sensitive issues while maintaining the highest level of integrity and objectivity
• Have a grasp on technology and security standards to the degree required to provide credible challenge; Stay knowledgeable of current advances in all areas of information technology
• Ability to perform multiple tasks in a fluid environment and work both independently and as a team member
• Strong verbal, written communication skills, and the ability to interact with various levels of management
• Proficiency in computer applications including Microsoft Office products (Word, Excel and PowerPoint) and other applications
• Working knowledge of IT General Controls (ITGC) and technology related frameworks such as COBIT, NIST Cyber Security, ITIL/ITSM
• General understanding of the components of an Operational Risk Management (ORM) framework