Senior IT Risk Analyst for Fidelity National Financial for HQ in Jacksonville, FL (salary not disclosed) UCF
Fidelity National Financial, Inc. (NYSE: FNF) is a leading provider of title insurance and...
Fidelity National Financial, Inc. (NYSE: FNF) is a leading provider of title insurance and transaction services to the real estate and mortgage industries. FNF is the nation's largest title insurance company through its title insurance underwriters - Fidelity National Title, Chicago Title, Commonwealth Land Title, Alamo Title and National Title of New York - that collectively issue more title insurance policies than any other title company in the United States. More information about FNF can be found at fnf.com.
POSITION OVERVIEW
Fidelity National Financial (FNF) is currently seeking a highly motivated results-driven Senior IT Risk Analyst with a solid background in identifying and managing IT and security risks. Proficient in independently conducting IT and security risk assessments and recommending effective risk management strategies. Adept at collaborating with cross-functional teams and stakeholders to properly calculate inherent and residual risk levels. Strong analytical thinking and problem-solving abilities to be coupled with a deep understanding of IT infrastructure and cybersecurity principles. Committed to continuous improvement and staying updated with the latest security trends, technologies, and emerging IT and security risks.
LOCATION
- This position sits at our HQ in Jacksonville, FL
- Hybrid schedule: Monday, Wednesday, Friday, work from home. Tuesday and Thursday, onsite.
- Ability to travel 5% as needed
DUTIES & RESPONSIBILITIES
- Works with and supports the business units and/or business departments in the facilitation of the IT Risk Management (ITRM) framework
- Leads the discussions of IT and security risks with stakeholders and business units
- Management, operationalization, and participation in ITRM program activities associated with, but not limited to tracking, completion, and reporting of IT and security risks and remediation plans, oversight of the Application Risk Profile process and remediation plans and reviewing, analyzing, and reporting on risk-related issues
- Facilitates the review and risk evaluation of new or existing information resources or technology related services
- Develops and manages the reporting of the various risk and control indicators, such as inherent risk, control effectiveness, residual risk, and overall status
- Supports the development, implementation, and maintenance of risk assessment frameworks
- Participates in continuous program improvement, including but not limited to, requirements gathering, risk and control framework research, risk reporting
- Prepares status reports and presentations on a timely basis
- Works in a cross-functional role that requires communication and teamwork with other departments in FNF and its subsidiaries
- Other ITRM duties as assigned
MINIMUM REQUIREMENTS
- Bachelor’s Degree in a technology related field or business administration, accounting, finance, or related field augmented by industry related training programs and supported by work experience
- Requires 5 – 10+ years in IT and security risk management or similar field
- Expertise is completing risk assessments from beginning to end and running risk workshops
- Understanding of IT and security risks, processes, and controls and ability to converse at a technical level
- Assessing IT and security risks, processes, controls, and related documentation/evidence
- Ability to assess the risks and controls related to securing applications
- Demonstrated ability to plan, schedule, and coordinate work, and able to maintain elevated levels of confidentiality and professionalism as well strong organizational, communicative, and interpersonal skills
- Ability to identify emerging IT and security risks and assess impact to risk universe
- Familiar with IT and Security principles/frameworks such as COBIT, NIST CSF, Cloud Controls Matrix, CIS CSC, ITIL, ISO 27001
- Ability to prepare presentations, status reports, process narratives and workflow diagrams
- Experience with GRC software
PREFERRED EXPERIENCE
- Security related certifications such as CISA, CISSP, CISM, CRISC, or Security+
- Experience with BWise/SAI360 GRC
- Familiar with the SOC2 process and controls
- Familiar with Unified Compliance Framework and/or similar IT/Security Frameworks
For more info: https://hubs.la/Q02LBRs10