**No C2C or Sponsorship Available**
Our Specialty Insurance client is looking to add an IT Risk Analyst to their team. This opportunity is located in North West Houston and offers hybrid flexibility. This role works closely with IT, cybersecurity, compliance, and business units to ensure the effective management of risks across systems, applications, and processes.
Key Responsibilities:
Risk Identification & Assessment
- Identify potential IT and cybersecurity risks across infrastructure, applications, vendors, and business processes
- Conduct regular IT risk assessments, gap analyses, and control evaluations
- Evaluate emerging technologies and threats to determine associated risk exposure
- Support risk scoring, prioritization, and reporting in alignment with the enterprise risk management framework
Risk Mitigation & Control Management
- Recommend, implement, and monitor risk mitigation strategies and IT controls
- Collaborate with system owners to remediate control gaps or vulnerabilities
- Validate the effectiveness of technical and procedural controls (e.g., access management, change management, backup/recovery)
- Support policy and standards development for IT governance and security
Compliance & Audit Support
- Ensure compliance with regulatory requirements (e.g., SOX, GDPR, HIPAA, PCI-DSS, ISO 27001, NIST)
- Assist internal and external auditors with IT audit activities, supplying evidence and documentation
- Monitor adherence to IT policies, procedures, and best practices
Reporting & Documentation
- Prepare regular IT risk reports and dashboards for senior management and risk committees
- Maintain risk registers, assessment records, and audit logs
- Communicate complex risk concepts to non-technical stakeholders
Incident & Vendor Risk Management
- Support incident response activities, including root-cause analysis and corrective action planning
- Conduct vendor and third-party risk assessments, focusing on security posture and contractual compliance
Required Qualifications
- 3+ years of experience in IT risk, cybersecurity, IT audit, or governance
- Knowledge of frameworks and standards such as NIST, ISO 27001, COBIT, and CIS Controls
- Strong understanding of IT infrastructure, applications, cloud environments, and security practices
- Excellent analytical, communication, and documentation skills
- Experience with GRC tools (e.g., Archer, ServiceNow, LogicGate, RSA)