Senior Analyst, IT Risk Management

You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.
You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.
This role offers work flex split of working from home and from our office.
The IT Controls, Quality and Governance (ITQG) is responsible for providing first line oversight of information technology (IT) risks associated with all operating activities of CNA. The primary responsibilities include defining and maintaining risk frameworks, performing risk review and evaluation to identify and respond to risks, and monitoring and reporting aggregated risk and risk response to enable business objectives and decision making, and driving continuous improvement of risk management capabilities across the Enterprise. ITQG coordinates with other risk functions to address IT risks. Information risk refers to confidentiality, integrity and availability risk of all information due to potential theft, abuse (internal or external) and insufficient controls across the organization including information security and data governance. Technology risk encompasses all risks related to the design, development, and deployment of application, infrastructure and end user technology solutions to meet business objectives with required ability and resiliency, specifically the risk of architecture and design, technology change, technology availability, disaster recovery, system security and end user computing.
Position Overview
ITQG is looking for an experienced Analyst to support first line strategy enablement and day-to-day risk management activities. The Analyst will support the ITQG leadership team and business partners execute risk management activities in alignment with ITQG framework and IT process, risk and control (PRC) framework. The Analyst will be accountable to spearhead initiatives that enable the broader ITQG strategy including technology capabilities and modernizations, methodology execution, and adoption activities. Given appropriate oversight and guidance, the Analyst will be accountable to perform first line activities such as ITQG risk assessments and other risk management activities including risk identification, profiling, assessment, response, evaluation and advising the business on issues remediation.
This position requires that the applicant have a foundational or intermediate understanding of IT risks and the execution of first line IT risk management processes and governance within a large institution. The applicant must also have good communication and management skills, and strong knowledge of industry best practices.
JOB DESCRIPTION:
ITGC Strategy and Transformation:

• Support the implementation of the target state program based on the planned roadmap for ITQG focus areas including governance, risk management methodologies, technology enablement and automation, metrics, and reporting.
• Collaborate with the three lines of defense and other risk functions on behalf of ITQG to support, enable and align the ITQG strategy within the broader CNA risk functions.
• Engage stakeholders at all levels across businesses and divisions to ensure effective communication and sufficient stakeholder input and buy-in.
• Help develop education, training, and awareness campaign materials regarding IT risks as well as critical communications to help provide clarity and adoption in support of the ITQG program transformation.

ITGC Operational Activities:

• Execute ITQG operational activities including:
  • Risk profiling (inherent risk assessment);
  • Risk assessments for processes, applications and infrastructure;
  • Risk and scenario analysis for IT risks; and
  • Risk metrics and reporting .
• Document and develop materials for leadership to review issues identified through ITQG activities.
• Help the business create, shepherd governance channels and monitor execution of the risk response plans in alignment with ITQG methodology.
• Act as the point of contact to assist and respond to questions from key stakeholders and the business; manage required escalations and communication.
• Provide IT guidance and risk advisory support to key initiatives.
• Develop materials to provide regular updates to CNA Executives on the overall health of the program including preparing necessary information to facilitate management discussion and decision making.

Qualifications

• 3+ years of experience with IT Governance and risk functions
• Demonstrates a willingness to learn, self-starter and strong teaming capabilities
• Understanding of IT governance and technology risk management principles and best practices
• Strong interpersonal skills to support stakeholder communication and engagement across businesses
• Experience with technology process, risk and control framework
• Required: Bachelor's degree
• Preferred: Knowledge and skills across
  • COSO
  • ISACA Risk IT framework
  • ISACA COBIT 5.0 or 2019
  • ISO 31000-series and 27000-series, 13335
  • NIST Cybersecurity framework

#LI-CG1
CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation, please contact [email protected] .