Risk Analyst supporting PG&E’s Underground Program in safety risk management and risk analysis across multiple teams. Developing frameworks and coordinating risk mitigation efforts for utility operations.
About the role
- Identify and manage technology risks related to Information Security and Data Protection for TIM. Collaborate with IT and business to implement action plans and monitor compliance.
Responsibilities
- Perform analysis of corporate projects, identifying technical and procedural weaknesses related to Information Security and Data Protection;
- Conduct risk assessments on technology assets (systems, networks, security devices, websites and applications) in On-Premises and Cloud Computing environments (IaaS, PaaS, SaaS);
- Work together with IT and Business areas to oversee the implementation of action plans and mitigating controls resulting from risk analyses and project reviews;
- Monitor and report on the progress of action plans related to vulnerabilities and non-conformities, ensuring mitigation within defined deadlines;
- Support the analysis of strategic projects, ensuring compliance with legal, regulatory and corporate security requirements;
- Assess risks and internal controls (technological and procedural), aligning them with good governance practices and industry frameworks;
- Conduct vendor assessments as part of RFP/RFQ/RFI processes, analyzing technology and business risks associated with the procurement of solutions and services;
- Evaluate and approve requests related to Site-to-Site VPNs, ensuring secure integration with external vendors;
- Support the review and update of policies, standards, processes and internal controls related to Information Security, IT Governance and secure development practices;
- Perform triage and routing of requests from the demand management system, ensuring correct prioritization and allocation of tasks.
Requirements
- Proven experience in Risk Management, Project Analysis and Information Security;
- Knowledge of reference frameworks and standards such as ISO/IEC 27001, ISO/IEC 27005, NIST CSF, COBIT and ITIL;
- Experience with Cloud Security (IaaS, PaaS, SaaS) and risk analysis in hybrid environments;
- Knowledge of IT vendor assessment and Third Party Risk Management (TPRM) processes;
- Experience in vulnerability analysis and tracking mitigation plans;
- Knowledge of managing information security policies, standards and controls;
- University degree required, preferably in Information Technology, Information Security, Computer Engineering or related fields.
Benefits
- Flexible Benefits Program
- Medical and Dental Coverage *
- Medication Benefit *
- Wellhub (formerly Gympass) *
- Food and/or Meal Allowance
- Financial Wellness Program
- Private Pension Plan
- Company mobile phone with unlimited data and voice allowance
- Discounts and partnerships with over 3,000 companies and institutions, including discounts on your electricity bill and broadband internet
- Online English course extendable to one family member or friend
- Internal Training and Development Program
- Profit Sharing
- "My First Benefit" - Support for children up to 2 years old
- Daycare Reimbursement (for parents)
- Flexible work models and schedules
- Happy Day - Day off during your birthday month
- Extended leave for maternity, paternity, marriage and adoption
- Transportation Voucher
- And more!
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Risk Analyst managing safety risks within PG&E’s Underground program. Develops risk management frameworks and maintains asset risk registers to mitigate wildfire risks.
Risk & Incident Specialist at Bupa helping to strengthen risk and incident management in UKI operations. Play a vital role in ensuring regulatory compliance and customer safety through proactive risk management.
Data Governance COE Senior Lead for solutions on Data Safety and Controls at Huntington. Looking for a hands - on leader with extensive experience in governance frameworks.
Interim Risk Coordinator supporting risk management and compliance for a mission - driven talent marketplace focusing on African sustainable development. Collaborates with the risk team on governance and controls.
Specialist in insurance operations at BV, a leading private bank in Brazil. Strategic involvement in product evolution and risk governance.
Senior Associate, managing credit risk policy lifecycle at Capital One. Collaborating with stakeholders to ensure compliance and enhance risk frameworks.
Senior operational risk advisor at Desjardins developing guidelines and policies to prevent fraudulent transactions. Collaborating with various stakeholders and recommending strategic directions based on extensive knowledge.
Risk Management Consultant focused on identifying, analyzing, and managing risks for organizations in Göteborg. Join TechSeed's Cyber Security team with a strong emphasis on innovation and collaboration.
Internship role at Emerson in Cluj - Napoca, Romania, focused on governance and securities responsibilities. Engaging with a diverse team to drive innovation and foster a collaborative environment.