Senior IT Risk Assurance Analyst
Company
Brown Brothers Harriman
Location
Boston, MA
Type
Full Time
Job Description
What You Can Expect At BBH:
If you join BBH, you will find a collaborative environment that enables you to step outside your role to add value wherever you can. You will have direct access to clients, information and experts across all business areas around the world. BBH will provide you with opportunities to grow your expertise, take on new challenges, and reinvent yourself without leaving the firm. We encourage a culture of inclusion that values each employee's unique perspective. We provide a high-quality benefits program emphasizing good health, financial security, and peace of mind. Ultimately, we want you to have rewarding work with the flexibility to enjoy personal and family experiences at every career stage. Our BBH Cares program offers volunteer opportunities to give back to your community and help transform the lives of others.
At Brown Brothers Harriman, we believe no job is too big or small for any of us to handle if it helps our clients. We value passionate, committed people who enjoy collaborating with others to find new solutions to complex business challenges. We are looking for the type of person who speaks their mind, truly listens and steps outside their role to add value wherever they can. Someone who is driven to get things done and views obstacles as an exciting challenge that demands a creative solution. Above all, we seek someone who takes great pride in their work and is inspired and motivated by their role in protecting and enhancing our client's financial well-being.
If you are looking for an entrepreneurial environment where you can learn and thrive, Brown Brothers Harriman is the right place for you.
POSITION SUMMARY
The Senior IT Risk Assurance Analyst is responsible for supporting and maintaining the IT risk assurance program, which includes SOC1, SOC2, Control Assurance, Control Testing, Key Performance and Key Risk Indicator development, policy development, guidance and best practices analysis that help reduce operational IT risk. This position is aligned functionally within the organization and therefore is responsible for advising others to help see that the risk assurance process flows smoothly end-to-end within their area of responsibility. The position requires an ability to interpret detailed technical standards and regulation and compare those to actual practices, including, but not limited to, gathering and analyzing audit or policy compliance reports. The position also assists in evaluating current and future IT tools and procedures for compliance and monitoring. The position will also play a key role in managing Technology Audit Action plans and maintaining the Risk Acceptance and Risk Assurance database for accuracy and consistency, including weekly and monthly reporting commitments.
PRINCIPAL RESPONSIBILITIES
Control Assurance - Governance and Testing
- Develop Control Assurance Testing Program
- Analyze Controls outputs to develop an early indicator program for performance and risk (KPI/KRI)
- Develop and Implement KPI / KRI metrics with targets and resolutions
- Provide weekly and monthly reports and presentations demonstrating progress and program effectiveness
- Define multi-year control testing vision plan
- Work closely with IT and other control areas to ensure the initial design and enhancement of IT products, processes and best practices are in line with the risk profile of the Firm
IT Risk Assurance Management and Control
- Oversight of System and Organizational Controls 1 (SOC1) Information Technology Governance Controls (ITGC)
- Support System and Organizational Controls 2 (SOC2) program
- Execute and facilitate testing of the IT General Controls for the SOC1 program
- Effectively communicate with IT and BBH areas to ensure that the IT related policies, standards and procedures are implemented as deemed appropriate for BBH. Deliver and continue to enhance management level reports on the progress and state of IT Risk programs and initiatives.
- Become an expert user of the standard Archer toolset for maintaining, communicating, and reporting on policies, standards and procedures.
- Recommend enhancements to risk analysis tools.
- Provide functional and analytical support of GRC tools such as Archer and/or applicable databases.
- Support IT and Tech Service's Risk & Control Self Assessments (RCSA) in accordance with the ERM and IT Risk policy and program.
POSITION SCOPE
- Internal: IT Assessment/Application Data Owners and Business Managers. Enterprise Risk Management Cyber & Technology Risk team members; Governance Risk & Compliance (GRC) team members
- External: Share and exchange information with vendors.
KNOWLEDGE, SKILLS AND ABILITIES
- Bachelor's degree in Information Technology, Management, Finance or related discipline, Hard Science (Chemistry, Physics) or specialized training required.
- 6+ years of relevant IT work experience which may include Control Assurance, Control or Technical Auditing, Information Security, IT Enterprise Architecture, IT Vendor Assessment, Development, Production Assurance and/or IT Governance, Risk and Compliance areas
- 3+ years of experience in the financial services industry or comparable service sector
- Excellent interpersonal, communication (oral and written), organizational, and decision-making skills
- Demonstrates integrity, good judgment, tact in communication and decision making
- Demonstrates ability to think creatively while accounting for multiple perspectives in any given scenario
- Ability to appropriately balance firm IT risks with business impact & benefit
- Ability to recognize patterns in structured and unstructured data and to draw appropriate connections between seemingly disparate pieces of information; attention to detail
- Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity, and rapid change
- Must be able to work independently and with minimal direct supervision
- Strong problem solving and analytical skills.
- Ability to interact with all levels of management
- Excellent project management skills.
- Strong ability to communicate technical information to non-technical staff.
- Ability to manage a complex control catalog
- Strong understanding of IT related Regulatory and Industry Best Practices and Standards including ITIL, FFIEC, COBIT, ISO, NIST, Privacy etc.
- Strong understanding of Systems Development Lifecycle Methodologies
- Strong awareness of the current IT Enterprise Architecture approach including TOGAF and IT Governance models
- Strong awareness of the current IT security threat landscape
- Ability to communicate well with others to facilitate and enhance the understanding and compliance to security policies
- Ability to use standard desktop tools effectively, including Microsoft Office and Visio.
What We Offer
- A collaborative environment that enables you to step outside your role to add value wherever you can
- Direct access to clients, information and experts across all business areas around the world
- Opportunities to grow your expertise, take on new challenges, and reinvent yourself without leaving the firm
- A culture of inclusion that values each employee's unique perspective
- High-quality benefits program emphasizing good health, financial security, and peace of mind
- Rewarding work with the flexibility to enjoy personal and family experiences at every career stage
- Volunteer opportunities to give back to your community and help transform the lives of others
This role can be based in either our Boston or Jersey City locations and will be a hybrid role, with three days in office.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, age, genetic information, creed, marital status, sexual orientation, gender identity, disability status, protected veteran status, or any other protected status under federal, state or local law.
Salary Range
$110,000 - $150,000 base salary range
BBH's compensation program includes base salary, discretionary bonuses, and profit-sharing. The anticipated base salary range(s) shown above are only for the indicated location(s) and may differ in other locations due to cost of living and labor considerations. Base salaries may vary based on factors such as skill, experience and qualification for the role. BBH's total rewards package recognizes your contributions with more than just a paycheck, providing you with benefits that enhance your experience at BBH. From long-term savings, healthcare, and income protection to professional development opportunities and time off, our programs support your overall well-being.
Date Posted
08/11/2023