Company hidden
Updated 2 days ago

Compliance & Operational Risk Testing Analyst (Cybersecurity)

Work format
remote
Job type
project
Grade
middle
English
b2
Job from Hirify Global, a list of international tech companies

Job description

TL;DR

Compliance & Operational Risk Testing Analyst (Cybersecurity): Performing independent testing and control validation for IT and cybersecurity risks within a regulated financial services environment, with an emphasis on second line of defense and regulatory compliance. Focus on executing tests of design and operating effectiveness, identifying control gaps, and developing remediation recommendations.

Location: Remote

What you will do

  • Execute independent compliance and operational risk testing using established methodologies.
  • Develop and document testing procedures for complex policies, controls, and regulatory requirements.
  • Perform test of design and operating effectiveness for IT and cybersecurity controls.
  • Prepare detailed workpapers, supporting evidence, and formal testing documentation.
  • Identify control weaknesses, process gaps, and perform root cause analysis to recommend corrective actions.
  • Partner with internal audit, cybersecurity, and business stakeholders to present findings to leadership.

Requirements

  • 4+ years of experience in IT Audit, Operational Risk, Compliance Testing, or Cybersecurity Risk.
  • Experience interpreting and applying federal and state regulations and IT compliance standards.
  • Proven track record of performing control testing, risk assessments, and operational effectiveness reviews.
  • Advanced knowledge of testing methodologies and control frameworks.
  • Bachelor’s degree or equivalent professional experience.
  • Advanced proficiency in Microsoft Office, specifically Excel, Word, and PowerPoint.

Nice to have

  • 6+ years of experience within large financial institutions.
  • Certifications: CISA, CISSP, CISM, CRISC, CIA, or CDPSE.
  • Experience supporting second line of defense functions.
  • Knowledge of enterprise cybersecurity governance and risk frameworks.
