POSITION OVERVIEW
Fidelity National Financial (FNF) is currently seeking a highly motivated results-driven Senior IT Risk Analyst with a solid background in identifying and managing IT and security risks. Proficient in independently conducting IT and security risk assessments and recommending effective risk management strategies. Adept at collaborating with cross-functional teams and stakeholders to properly calculate inherent and residual risk levels. Strong analytical thinking and problem-solving abilities to be coupled with a deep understanding of IT infrastructure and cybersecurity principles. Committed to continuous improvement and staying updated with the latest security trends, technologies, and emerging IT and security risks.
LOCATION
- This position sits 100% remote. Occasional travel to our HQ in Jacksonville, FL may be required.
DUTIES & RESPONSIBILITIES
- Lead IT and security risk management activities, including risk identification, assessment, mitigation, and reporting
- Plan, conduct, and manage IT and security risk assessments, including annual and ad hoc assessments, and develop comprehensive reports for stakeholders
- Serve as an expert in information security and information technology, advising business units, security, and IT teams on risk-related issues, control enhancements, and emerging IT and security risks
- Facilitate technical discussions with stakeholders to assess IT and security risks associated with existing and new technologies or business initiatives
- Collaborate with cross-functional teams to operationalize the risk management framework and ensure alignment with business objectives
- Monitor and improve risk and control indicators, such as inherent risk, control effectiveness, and residual risk, and track remediation efforts
- Develop and maintain documentation related to IT and security risks, frameworks, processes, and controls
- Lead continuous improvement initiatives for the risk management program to ensure effectiveness and scalability
- Prepare and deliver risk-related presentations and status updates to senior management and stakeholders
- Maintain expertise in industry trends, cybersecurity frameworks, and best practices
- Mentor and support team members to enhance their understanding of IT and security risks
- Other duties as assigned
MINIMUM REQUIREMENTS
- Bachelor’s degree in a technology, security, or related field, complemented by relevant certifications and work experience
- 7–10+ years of experience in IT and security risk management
- Extensive knowledge and experience conducting IT and security risk assessments, including the ability to lead risk workshops, assess controls, document results, generate risk assessment reports, create and follow-up on remediation
- Strong understanding of IT and security risk concepts, processes, and controls, with the ability to converse at a technical level
- Expertise in assessing risks and controls related to securing applications and technology platforms
- Experience with GRC tools (e.g., BWise/SAI360) and risk reporting processes
- Strong communication, organizational, and analytical skills
- Knowledge of IT and security risk frameworks such as NIST CSF, COBIT, CIS CSC, Cloud Controls Matrix, ITIL
PREFERRED EXPERIENCE
- Professional certifications such as CISSP, CISA, CRISC, Security+, or FAIR certification
- Proficiency in regulatory and compliance requirements, including SOC 2, NYDFS Cybersecurity Regulation, and NAIC Insurance Data Security Model Law
- Experience with PowerBI
This position has the potential to earn compensation in the range of $90,000 - $125,000 annually based on location and job-related factors such as skillset and experience. Actual rate may vary within the range provided, depending on a number of factors, including skillset, experience and location. The base compensation is one component of the total rewards package offered to our employees, including optional health and welfare insurance (medical/dental/vision/life/disability); paid holidays, vacation, and sick time off; and matching 401(k) plan and matching employee stock purchase plan.
