**Job Description / Role Profile**
Job/Position: Senior Risk Analyst
BU/Organization: Global Data & Technology
Department: Cyber & Digital Trust
Location: Mexico
Management Level: TBD
Global Reporting Level (CEO=1): TET-5
Line Manager's Job/Position Title: Head of Policy, Risk and Control Analytics
**_ OBJECTIVES/PURPOSE _**_(3-4 bullets)_
- Provides a holistic, business-oriented approach to the management of information security risk using likelihood and impact to guide and advise the business
- Provides technical and business leadership teams across the organization with the analysis needed to make risk-based decisions
- Collects and maintains risk and policy exception data using the team's Governance, Risk, and Compliance (GRC) platform
- Develops reports and dashboards to help measure risk
**_ ACCOUNTABILITIES _**_(Describe the primary duties and responsibilities of the job. Include only the essential functions of the job. Approximately 5 - 10 bulleted task statements should be identified)._
- Triage and manage risks and policy exceptions according to internal operating standards
- Participate in team meetings and aid colleagues
- Act as a risk advisor when communicating with risk stakeholders
- Collaborate with risk stakeholders to develop and track mitigation plans and ensure compliance with policies and standards
- Track and report on risk reduction progress
- Assist in the development and maintenance of our internal control framework
- Assist in the maintenance of our policy framework and training platforms
**_ DIMENSIONS AND ASPECTS _**
- Advises on technical risks in terms familiar to the risk stakeholders
- Creates and maintains departmental documentation and operating procedures used by risk stakeholders
- Organizes information in ServiceNow GRC and Excel and creates reports, dashboards, and pivot tables
**Leadership** _(Vision, strategy and business alignment, people management, communication, influencing others, managing change) _
- Influences action across various technical, non-technical, and geographic teams to reduce risk
- Ability to effectively manage conflicting priorities
- Develops strong relationships with other teams across the organization
**Decision-making and Autonomy** _(The capacity and authority to make organizational decisions, autonomy in decision-making, complexity of decisions, impact of decisions, problem-soliving)_
- Operates autonomously to triage and manage risks and exceptions
- Leverages technology to organize complex data sets and develops analytical reports (primarily using ServiceNow GRC and Excel)
- Responds to risk stakeholders in a timely manner, engages colleagues when needed, and escalates when necessary
**Interaction** _(The span and nature of one's engagement with others when performing one's job, internal and external relationships)_
- Balances conflicting priorities by leveraging project management and personal organization skills
- Operates effectively across a matrixed organization
- Demonstrates cultural sensitivity and is respectful of colleagues
**Innovation** _(The required level of scientific knowledge, knowledge sharing, innovation and risk taking)_
- Innovates to find new solutions to problems
- Applies innovative approaches to reduce risk and minimize business impact
**Complexity** _(Products managed, mix of businesses, internal and/or external business environment, cultural considerations)_
- Operates across geographies and technologies
- Collaborates effectively within the team, across teams, and with vendors
**_ EDUCATION, BEHAVIOURAL COMPETENCIES AND SKILLS:_** _(List the essential and desirable education and competency requirements to perform the primary responsibilities of the job. Any minimum requirements should be noted.)_
- ** Essential**
- Bachelor's degree or equivalent
- Ability to manage multiple workstreams simultaneously
- Ability to thick critically and analytically
- Strong data organization and analysis skills such as merging data sets, concatenating fields, developing pivot tables, charts and graphs
- 5 years of data analysis and data manipulation experience
- Excellent communication, interpersonal, presentation, and organizational skills
- Comfortable operating in and navigating a global organization where risk stakeholders can be located across geographies and time zones
- ** Desired**
- Preferred experience with risk management practices such as NIST 800-30 and 800-33
- Background with control frameworks such as NIST CSF and 800-53
- Ability to create macros and simple automation in Excel
**_ ADDITIONAL INFORMATION_**_ (Add any information legally required for your country here)_
- Flexibility to participate in risk activities outside of local business hours
**Locations**:
MEX - Santa Fe
**Worker Type**:
Employee
**Worker Sub-Type**:
Regular
**Time Type**:
Full time