Principal/Senior Technology Risk Analyst
Listed on 2026-07-12
-
IT/Tech
Cybersecurity, Information Security, IT Business Analyst, IT Consultant
IT Senior Risk Analyst
Berkshire Hathaway Specialty Insurance (BHSI) has an exciting opportunity for a new team member to join their Boston-based IT Governance Risk Audit & Compliance (GRAC) team as an IT Senior Risk Analyst. In this newly created role, the IT Senior Risk Analyst will support and mature the IT Risk Management pillar, ensuring technology risks are proactively identified, assessed, communicated, and monitored across the enterprise.
This role will build strong partnerships with Technology leadership and collaborate closely with teams across BHSI to evaluate our IT risk posture, provide independent challenge, and recommend practical risk‑reducing actions aligned with our established risk appetite. If you're passionate about elevating enterprise IT risk practices, driving meaningful change, and growing your career as a key contributor to our evolving global IT risk program, we're interested in speaking with you.
Duties & Responsibilities:
- Lead risk identification, risk assessment, and ongoing monitoring; maintain the IT risk register and ensure risks map to business objectives and risk appetite/tolerances.
- Drive Risk and Control Self ‑ Assessments (RCAs) with different risk and control owners; advise on control design for identity & access, change/release, resiliency/DR, cloud security, data protection, and vulnerability management.
- Define and socialize KRIs/KPIs, risk dashboards, trends, and heat maps; deliver clear status to Technology leadership, and key stakeholders.
- Partner with Vendor Risk Management Team to evaluate critical vendors (including AI ‑ enabled services), review SOC reports/certifications, assess control gaps, and track remediation/compensating controls through closure.
- Track risk issues, action plans, and target dates; validate remediation and re test where needed; participate in lessons ‑ learned and scenario exercises.
- Provide support to our offices from both a U.S. and global perspective (i.e., Asia, Middle East, UK, Europe, Australasia, etc.) regarding the fulfillment of IT risk related requests and obligations.
- Assess AI/automation use cases for explainability, privacy, security, and bias risk; ensure appropriate documentation, monitoring, and governance are in place.
- Educate teams on risk expectations, evidence quality, and the "why" behind controls; help embed risk thinking into delivery and operations.
- Attend/participate in e-learning training sessions to increase background knowledge of the ever-evolving IT regulatory landscape.
Qualifications,
Skills and Experience:
- 10+ years of experience in IT risk, IT audit/compliance, or cyber GRC.
- Experience running RCSAs, defining KRIs/KPIs, and presenting risk insights to senior stakeholders.
- Strong documentation skills, including writing risk narratives, control designs, control matrices, testing procedures, and remediation plans.
- Effective communication and partnership skills; able to challenge constructively and receive challenge professionally.
- Experience conducting vendor risk reviews, including SOC 2 analysis, control gap identification, and remediation follow ‑ up.
- Solid background knowledge of major risk and control frameworks (Technology, Cyber, Enterprise), such as NIST CSF, COSO ERM, COBIT, etc.
- Working knowledge of U.S. IT regulations (e.g., SOX, CCPA/CPRA, PCI, NY ‑ DFS) is recommended.
- Familiarity with global regulatory frameworks (e.g., GDPR, CBI, DORA, MAS, APRA, BaFin) is preferred but not required.
- Ability to work in a team-based environment and communicate effectively and efficiently with others domestically and globally.
- Experience with GRC tools such as Workiva, Audit Board, Service Now, Drata, Vanta, or similar platforms is a plus.
- AI experience is a plus, including an understanding of AI risks, responsible AI concepts, or emerging AI regulatory requirements.
- Professional certifications such as CRISC, CISA, CISM, CISSP, or ISO/IEC 27001 Lead Implementer/Lead Auditor (or equivalent) are a plus.
BHSI Offers:
- A competitive package and exciting growth opportunities for career-oriented teammates.
- A dynamic, action oriented, and thoughtful environment centered on always doing the right thing for our customers,…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).