IT Risk Analyst
: Job Details :

Overview POSITION OVERVIEW Fidelity National Financial (FNF) is currently seeking a highly motivated results-driven Senior IT Risk Analyst with a solid background in identifying and managing IT and security risks. Proficient in independently conducting IT and security risk assessments and recommending effective risk management strategies. Adept at collaborating with cross-functional teams and stakeholders to properly calculate inherent and residual risk levels. Strong analytical thinking and problem-solving abilities to be coupled with a deep understanding of IT infrastructure and cybersecurity principles. Committed to continuous improvement and staying updated with the latest security trends, technologies, and emerging IT and security risks. LOCATION This position sits at our HQ in Jacksonville, FL Hybrid schedule Monday, Wednesday, Friday work from home. Tuesday and Thursday, onsite. Ability to travel 5% as needed DUTIES & RESPONSIBILITIES Lead IT and security risk management activities, including risk identification, assessment, mitigation, and reporting Plan, conduct, and manage IT and security risk assessments, including annual and ad hoc assessments, and develop comprehensive reports for stakeholders Serve as an expert in information security and information technology, advising business units, security, and IT teams on risk-related issues, control enhancements, and emerging IT and security risks Facilitate technical discussions with stakeholders to assess IT and security risks associated with existing and new technologies or business initiatives Collaborate with cross-functional teams to operationalize the risk management framework and ensure alignment with business objectives Monitor and improve risk and control indicators, such as inherent risk, control effectiveness, and residual risk, and track remediation efforts Develop and maintain documentation related to IT and security risks, frameworks, processes, and controls Lead continuous improvement initiatives for the risk management program to ensure effectiveness and scalability Prepare and deliver risk-related presentations and status updates to senior management and stakeholders Maintain expertise in industry trends, cybersecurity frameworks, and best practices Mentor and support team members to enhance their understanding of IT and security risks Other duties as assigned MINIMUM REQUIREMENTS Bachelors degree in a technology, security, or related field, complemented by relevant certifications and work experience 710+ years of experience in IT and security risk management Extensive knowledge and experience conducting IT and security risk assessments, including the ability to lead risk workshops, assess controls, document results, generate risk assessment reports, create and follow-up on remediation Strong understanding of IT and security risk concepts, processes, and controls, with the ability to converse at a technical level Expertise in assessing risks and controls related to securing applications and technology platforms Experience with GRC tools (e.g., BWise/SAI360) and risk reporting processes Strong communication, organizational, and analytical skills Knowledge of IT and security risk frameworks such as NIST CSF, COBIT, CIS CSC, Cloud Controls Matrix, ITIL PREFERRED EXPERIENCE Professional certifications such as CISSP, CISA, CRISC, Security+, or FAIR certification Proficiency in regulatory and compliance requirements, including SOC 2, NYDFS Cybersecurity Regulation, and NAIC Insurance Data Security Model Law Experience with PowerBI