IT Risk Analyst III

Paychex Rochester , NY 14618

Posted 2 months ago


Independently conducts routine risk management activities ensuring that Paychex business managers understand the gross and net impact of IT related risk. Identifies existing and recommended compensating controls to mitigate identified risk. The position also requires research and information analysis in support of various activities of the Risk and Compliance department such as preparing responses to prospect, client or partner security questionnaires and conducting vendor security risk assessments and identifying best practice security controls.

  • Independently conducts and presents routine risk assessments to business managers that include risk identification, impact assessment, compensating controls identification, risk mitigation opportunity identification and business recommendations.

  • Approves formal statements in response to prospect, client or partner security inquiries such RFPs, RFIs, partner questionnaires or ad hoc questions. Escalates sensitive response statements for further review when deemed necessary and appropriate.

  • Conducts and manages security risk assessments of current and prospective information hardware, software or service providers to ensure that adequate controls are in place to protect company interests.

  • Works with legal, business and IT management to incorporate and negotiate company security terms and conditions in Contracts.

  • Develops security policy and security standards for consideration by the Security Review Board. Identifies obsolete standards for possible retirement. Manages the policy exception requests process. Provides follow up to ensure review of expiring exception authorizations.

  • Develops security training materials that support the training of IT personnel and security program participants in the application of company security policies, standards and procedures.

  • Manages the monthly reporting for the Security Review Board and coordinates with senior risk analysts for quarterly reporting to the Security Governance Council.

  • Consults with all company internal personnel to provide guidance and understanding of information security principles, standards and industry best practices.


  • Bachelor's Degree in Computer Science, Information Security Management or related discipline - Preferred
  • 4 years of experience in Information Security.
  • 1 year of experience in Performing Information risk management activities.
See if you are a match!

See how well your resume matches up to this job - upload your resume now.

Find your dream job anywhere
with the LiveCareer app.
Download the
LiveCareer app and find
your dream job anywhere

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
ERM Risk Review And Assessment Analyst


Posted 1 week ago

VIEW JOBS 10/4/2018 12:00:00 AM 2019-01-02T00:00 Description Facilitates teams in the independent evaluation of risk and opportunities among various business segments. Coordinates and tracks the implementation of risk identification, assessment, and mitigation measures. * Coordinates Risk Review and Assessment Programs performing planning and conducts pre-review meetings and fieldwork for all Risk programs. Analyzes preliminary data and collects evidence to support review and assessments. * Serves as lead/expert in technology initiatives, such as GRC (RSA Archer), Access, and PowerBI. Prepare enterprise level reports highlighting key risks to ensure appropriate insight for leadership. * Maintains enterprise risk and recommendation data in the appropriate applications for trending and reporting purposes. * Brainstorms, facilitates, and analyzes enterprise-wide risk mitigation recommendations identified via risk assessment sessions while providing reviewer guidance and support to create a conducive review environment. * Manages review teams' research and arranges key data within final reports to support team findings and promote recommendations to executive level management. Conducts further research and provides recommendations on selected topics to support the development and prioritization of review assignments. * Analyzes qualitative and quantitative data resulting from the activities to develop profitability models, creates appropriate graphics, and provides key indicator analysis to senior management. * Presents and represents team in internal and external meetings, seminars, trainings and relationship-building capacities, presenting the programs and the benefits in a variety of settings to expand the program footprint. * Follows up with various business areas on the status of proposed recommendations to develop metrics to quantify the benefits derived from the recommendations implemented. Requirements * Bachelor's Degree in Management, Finance, or Accounting - Preferred * 5 years experience with ERM methodology, project management, and team leadership. Paychex Rochester NY

IT Risk Analyst III