IT Governance Analyst

Starr Companies New York, NY

Company

Starr Companies

Location

New York, NY

Type

Full Time

Job Description

Starr Insurance Companies is a leading insurance and investment organization, providing commercial property and casualty insurance, including travel and accident coverage, to almost every imaginable business and industry in virtually every part of the world. Cornelius Vander Starr established his first insurance company in Shanghai, China in 1919. Today, we are one of the world’s fastest growing insurance organizations, capable of writing in 128 countries on 6 continents.

Position Summary

The IT Governance Analyst (Technical Focus) plays a pivotal role in ensuring that IT infrastructure, operations and administrative practices are aligned with organizational objectives, regulatory mandates, and recognized governance frameworks such as COBIT, NIST, ISO/IEC 27001, and ITIL. This position is ideal for a technically proficient professional with a strong foundation in IT systems administration and a passion for improving compliance, risk management, and audit readiness. This role acts as a key bridge between technical teams (e.g., Systems, Network, Applications and Cloud Administrators) and Governance/Risk/Compliance (GRC) programs, driving continuous improvement, policy adherence, and operational excellence.

Key Responsibilities

Governance & Compliance

• Develop and implement IT governance frameworks, policies, and standards aligned with regulatory and business requirements.
• Conduct assessments of IT administrative practices to ensure alignment with governance, security, operational standards, and Disaster Recovery procedures.
• Collaborate with system and network administrators to ensure secure configurations and adherence to operational control standards.

Technical Oversight

• Apply expertise in IT administration to evaluate and improve configurations across systems (Windows, Active Directory, virtualization platforms, Database, etc.).
• Review backup strategies, patching routines, system hardening, and network segmentation from a governance and risk standpoint.
• Serve as a technical resource for control testing, remediation planning, and audit response.

Risk Management

• Support risk assessments with hands-on analysis of system logs, user access, and control effectiveness.
• Work with infrastructure and application teams to proactively identify and mitigate operational and cybersecurity risks.
• Participate in business continuity planning and disaster recovery testing with a focus on administrative responsibilities.

Audit & Reporting

• Liaise with Technology teams to obtain evidence of IT administrator tasks (e.g., access reviews, change logs, backup verifications) during internal and external audits.
• Track and document system-level compliance with technical policies (e.g., minimum security baselines, configuration standards).
• Generate dashboards and status reports on administrative compliance metrics.

Process Improvement

• Identify inefficiencies or risks in IT administration practices and recommend governance-aligned improvements.
• Advocate for automation and scripting to ensure consistency, compliance, and audit readiness.
• Support the implementation of role-based access controls (RBAC), system monitoring, and least privilege models.

Qualifications

**Required:**

• Minimum 3–5 years of hands-on experience as an IT Administrator (e.g., Systems Administrator, Network Administrator, or similar technical role).
• Certified Information Systems Auditor (CISA) certification (must be current or obtained within 6 months of hire).
• Experience with enterprise IT systems such as Active Directory, Windows Server, Linux, firewalls, virtualization platforms (e.g., VMware, Hyper-V), and cloud infrastructure (e.g., AWS, Azure).
• Strong understanding of IT governance frameworks (COBIT, NIST CSF, ISO 27001) and ITIL-based processes.
• Direct experience supporting internal/external audits, evidence collection, and control documentation.

**Preferred:**

• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field.
• Industry certifications such as CISA, CRISC, CISSP, CBRITP, CBCP, CompTIA Security+, ITIL, or Microsoft/AWS/Linux administration certs.
• Experience with GRC tools (e.g., Archer, ServiceNow GRC, MetricStream).
• Strong technical documentation and policy development skills.

Key Competencies

• Technical and operational expertise in IT systems administration
• Risk awareness and regulatory understanding
• Strong analytical and troubleshooting skills
• Excellent communication and documentation abilities
• Commitment to continuous improvement and security best practices

For individuals assigned and/or hired to work in New York, Starr Insurance Companies is required by law to include a reasonable estimate of the compensation range for this role. The wage range for this role takes into account the wide range of factors that are considered in making compensation decisions, including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. A reasonable estimate of the current range is $95,000-$105,000.

Starr is an equal opportunity employer, which means we'll consider all suitably qualified applicants regardless of gender identity or expression, ethnic origin, nationality, religion or beliefs, age, sexual orientation, disability status or any other protected characteristic. We recruit and develop our people based on merit and we're committed to creating an inclusive environment for all employees. We offer first class training and development opportunities to all employees. Our aim is to grow our own talent and bring out the best in people.

Date Posted

07/14/2025
