The Risk Management Analyst is a position within the LogMeIn Security Governance, Risk, and Compliance (GRC) team, reporting to the Senior Risk Manager. The role is responsible for assessing and reporting any operational risk that arises from inadequate or failed processes, people, systems or external events while maintaining a balance between risk mitigation and business objectives. The role will support GRC and the broader Security Team to deliver a consistent risk management approach across all LogMeIn products and organizational functions.
The primary purpose of the role is to lead oversight and monitoring of activities that have the potential to impact the product risk profile. The Risk Management Analyst will drive the identification, measurement, monitoring and controlling of risks within scope to ensure that LogMeIn's exposure is within the established limits. The specific responsibilities include:
- Assessing, monitoring, and reporting Security, Compliance, and technical Privacy risks
- Conducting risk assessments, using standardized methodologies, against LogMeIn Information and business assets, and providing recommendations in accordance with corporate policies, standards and controls
- Following-up on open risk remediation tasks
- Facilitating approval process for risk acceptance requests and renewals
- Supporting the Senior Risk Manager and other Security team members to ensure risks are properly identified, documented, assessed, monitored, controlled, and reported in a timely fashion
- Assisting Compliance and the business to document, assess, and remediate any risks raised during audit examinations
- Ensuring reliable data is produced and that the measurement/modelling of risks is refined to facilitate more complete analysis/evaluation of risk scenarios; and
- Other duties or tasks as assigned by management
As this is a global organization, the Risk Management Analyst may occasionally be asked to attend conference call meetings outside their normal office hours.
- A Bachelor's degree in a technical/security field, or a non-technical degree with a combination of risk-related work experience
- At least 2 years of experience in risk management. Risk management coursework or certifications such as ISACA's CRISC is highly desirable
- A successful track record managing operational risks and good knowledge of security risk frameworks such as ISO27005 or ISO31000; and knowledge of security controls frameworks such as ISO27001/27002 and NIST 800-53.
- Generally adept at picking up new technologies, with experience working with a GRC tool such as ServiceNow, Archer, or proprietary GRC systems
- Experience and proven ability to provide constructive challenge to the business and ensure risks are assessed adequately and addressed appropriately
- Strong analytical thinking and communication skills including the ability to research and understand complex processes and effectively communicate them to senior management
- Demonstrated ability to perform process analysis and experience in documenting controls
- Experience in leading/delivering risk assessments and scenario analysis
- Good stakeholder and relationship management skills
- Personal integrity, accountability, and the ability to take ownership of specific tasks and activities
- Self-starter with the ability to deliver under pressure
- Strong written and verbal communication skills
- Able to foster a collaborative working relationship with multiple areas and complex business lines, globally and remotely