The Lead Analyst, Information Risk Management (IRM) will efficiently and effectively lead, execute and support activities related to information technology (IT) and information risk management, including coordinating and providing guidance to other analysts. This position will assist Information Risk Management (IRM) managers and work with peer group managers within IT and across CDW to lead and execute IT and information risk management programs and processes to minimize risks to an acceptable level.
The Lead Analyst, Information Risk Management may specialize in one of the following IT and information risk focus areas:
- Information Management
- IT Risk and Compliance
Key Areas of Responsibility
- Understand CDW’s complex business and IT processes and supporting IT environments.
- Lead and execute various IT and information risk management programs and projects, including training, in accordance with established processes and procedures.
- Analyze complex IT and information risk issues and determine their root causes and impact on the organization.
- Participate in the development and implementation of policies, standards, procedures, and IT controls as needed to appropriately respond to IT and information risks.
- Lead and conduct periodic assessments as required to support IT and information risk management programs, mitigate risks (both business and technical) to an acceptable level, and maintain compliance with legal and regulatory requirements.
- Lead the production and maintenance of content for an IRM knowledge repository for IT risk, information management, and compliance-related materials and resources including IT controls, policies, procedures and standards.
- Assign IT and information risk management-related tasks to Analysts and Senior Analysts and follow up on progress to ensure on-time completion of tasks.
- Provide guidance to peers and subordinate level coworkers.
Information Management Focus:
- Work to maintain, execute, and improve CDW’s relevant Information Management programs for policies, standards and procedures.
- Oversee the preparation and creation of periodic reports surrounding disposition policies highlighting methods to reduce costs.
- Serve as IT lead for discovery response and legal hold enforcement activities.
IT Risk and Compliance Focus:
- Partner closely with Information Security, Business Process Assurance, Legal, and other IT and business representatives across CDW to ensure IT and information risks are managed to an acceptable level.
- Advise, support, and track remediation efforts for IT audit or compliance issues identified and reported by management, BPA or other third parties.
- Provide guidance and training with respect to IT audit and regulatory compliance requirements to ensure IT controls are appropriately designed and executed, resulting in audit and regulatory compliance.
- Monitor and report on emerging areas of non-compliance risk and the effectiveness of operational and SOX controls.
- Serve as lead IT liaison to BPA or external auditors by prescreening auditor requests and IT responses for completeness, accuracy, and relevance.
- Demonstrate advanced understanding of complex business processes, business control processes, information risk management, risk management, IT controls and related standards.
- Analyze diverse and complex IT and information risk issues and, evaluating a variety of factors, determine their root causes and impact on the organization.
- Identify and/or develop internal controls which mitigate risks and related opportunities for internal control improvement.
- Accurately respond to Coworker IT risk and compliance and information management questions in a timely manner or escalate appropriately.
- Actively participate in decision making with management and seek to understand the broader risk impact of current decisions.
- Facilitate use of technology-based tools or methodologies to review, design and/or implement products and services.
- Assist with the preparation of IRM reports and updates, both within IT and to other departments.
- Provide timely status updates on progress to IT and Business Leadership.
- Communicate effectively to all levels across the organization both verbally and in writing.
Education and/or Experience Qualifications
- Bachelor’s degree or equivalent experience in either information management (Information Management Focus) or IT and/or information risk management, audit, or compliance (IT Risk and Compliance Focus)
- 10 years of IT experience, with 4 years’ working experience in information or information risk management, IT risk management, audit, or compliance with a broad knowledge of IT operations and applications
- Knowledge and experience with leading PCI, SOX IT General Controls, HIPAA or other regulatory compliance efforts
- Knowledge and understanding of IT and information risk concepts and principles as a means of relating business needs to security controls
- Understanding of Information Management, Enterprise Risk Management and IT and Information Risk Management frameworks
- Experience reviewing, supporting and facilitating development of Information Security policies, procedures, standards and guidelines
- Ability to interact with IT and business personnel and build strong relationships at all levels, with an ability to understand business drivers and effectively communicate IT and risks in an easy-to-understand manner
- Excellent analytical and problem-solving skills
- Excellent technical and business writing skills with strong attention to detail
- Excellent communication, interpersonal and presentation skills
- Ability to perform quality assurance and create high quality deliverables with minimal supervision
- Excellent time management and project management skills
- History of balancing competing priorities with the ability to adapt to the changing needs of the business while meeting deadlines
- Ability to lead and/or actively participate in working sessions and stakeholder meetings
- CRM, IGP, PMP, or information management-related certification (Information Management Focus)
- CRISC, CRM, CRMP, CISA, or CISM designation or other relevant certification (IT Risk & Compliance Focus)
- Experience in a Professional Services environment