DST Systems, Inc. is a leading provider of strategic advisory, transformative technologies, and operations outsourcing to the financial and healthcare industries. Relying on deep industry knowledge, critical infrastructure, and service excellence, DST helps companies master the escalating complexity of customer, business and regulatory requirements.
Enterprise Services is the provider of information technology services to the DST enterprise. Our business is to connect our clients to their customers by automating business processes, providing information for decision making, and providing productivity tools to increase efficiency. This includes the information technology infrastructure and architecture functions, as well as, the global information privacy and security.
IT Enterprise Risk Analyst | Milwaukee, WI
The Information Technology Risk Management (ITRM) process supports the enterprise-wide risk management framework through four activities: (1) risk identification, (2) risk measurement, (3) risk mitigation, and (4) risk monitoring and reporting. Risk identification generally documents inventories of systems and information necessary to IT operations and defines the potential threats to the DST's systems and operations.
- Support the identification of risks to information and technology assets within the DST or controlled by third-party providers.
- Support identification of the potential for a threat source to exercise (accidentally trigger or intentionally exploit) a specific vulnerability.
- Support the analysis of a flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system’s security policy.
- Support the measure the level of risk for enterprise information technology and security.
- Support the evaluation and mitigation of the IT risks to an acceptable residual risk level in conformance with the board's risk appetite.
- Support the monitoring of changing risk levels and report the results of the process to the Enterprise Risk Management Leadership.
- Understand the following tools and techniques are that are typically used to evaluate the effectiveness of controls (these tools can also be used to identify vulnerabilities)
Experience and Background
- Minimum 3-5 years’ experience and basic knowledge of IT related processes such as system and information security, system development and change management, computer operations and data protection
- Preferred 5+ years of experience in one or more of the following areas: IT Governance, IT Organization Management, IT Security and Continuity, Application Portfolio, or Network infrastructure.
- Desired Skills: Data management; information security; Optional certifications: CISSP, CISM, CISA and/or CRISC
- Preferred: Bachelor’s degree in Information Technology, Management Information Systems, Computer Science or a related discipline.
- Demonstrated understanding of IT risk management principles and risk-based information technology and security governance software for identifying critical risks, adhering with compliance requirements, and objectively prioritizing which concerns require increased attention and allocation of resources.
- Knowledge of Financial Services industry regulations, specifically those set forth in the Federal Financial Institutional Examination Council (FFIEC) handbooks and other country specific regulatory authorities, as well as NIST 800-53.
- Ability to work well in both an individual contributor and team capacity.
- Able to effectively manage projects and complete multiple tasks simultaneously and efficiently while maintaining a sense of urgency and attention to detail.
- Able to evaluate and analyze complex data to assess risk and formulate sound decisions and justifications.
- Possess excellent written and verbal communication skills. Able to prepare clearly written, organized documents, reports and communications that demonstrate proper justification and support for any conclusions and assessment results and contain correct grammar, punctuation and spelling.