×
Register Here to Apply for Jobs or Post Jobs. X

Principal​/Senior IT Risk Analyst

Job in Boston, Suffolk County, Massachusetts, 02298, USA
Listing for: BHSI
Full Time position
Listed on 2026-07-13
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Business Analyst, IT Consultant
Salary/Wage Range or Industry Benchmark: 160000 - 180000 USD Yearly USD 160000.00 180000.00 YEAR
Job Description & How to Apply Below

Who are we?

A strategic and trusted insurance partner, Berkshire Hathaway Specialty Insurance (BHSI), provides a broad range of commercial property, casualty and specialty insurance coverages and outstanding service to customers and brokers around the world. Part of Berkshire Hathaway’s insurance operations, we bring our solutions to market with our stellar brand name, top-rated balance sheet, and the expertise of our global team of professionals, who exude excellent capabilities and strong character.

We are a values-based organization where respect, integrity, excellence, collaboration, and passion define who we are and how we do business. We value diversity of background experience, and perspectives and strive to foster an inclusive environment that enables all our team members to bring their best selves to work. We are one team committed to building a culture where every teammate has the opportunity to contribute and be recognized.

Want to be part of the team building the finest property, casualty and specialty lines insurance company in the world?

Learn more about our unique culture and history.

Job Opportunity

Berkshire Hathaway Specialty Insurance (BHSI) has an exciting opportunity for a new team member to join their Boston-based Technology Governance Risk Audit & Compliance (GRAC) team as a Technology Senior Risk Analyst. In this newly created role, the Technology Senior Risk Analyst will support and mature the Technology Risk Management pillar, ensuring technology risks are proactively identified, assessed, communicated, and monitored across the enterprise.

This role will build strong partnerships with Technology leadership and collaborate closely with teams across BHSI to evaluate our Technology risk posture, provide independent challenge, and recommend practical risk‑reducing actions aligned with our established risk appetite. If you're passionate about elevating enterprise Technology risk practices, driving meaningful change, and growing your career as a key contributor to our evolving global IT risk program, we’re interested in speaking with you.

Duties & Responsibilities
  • Lead risk identification, risk assessment, and ongoing monitoring; maintain the Technology risk register and ensure risks map to business objectives and risk appetite/tolerances.
  • Drive Risk and Control Self ‑ Assessments (RCAs) with different risk and control owners; advise on control design for identity & access, change/release, resiliency/DR, cloud security, data protection, and vulnerability management.
  • Define and socialize KRIs/KPIs, risk dashboards, trends, and heat maps; deliver clear status to Technology leadership, and key stakeholders.
  • Partner with Vendor Risk Management Team to evaluate critical vendors (including AI ‑ enabled services), review SOC reports/certifications, assess control gaps, and track remediation/compensating controls through closure.
  • Track risk issues, action plans, and target dates; validate remediation and re test where needed; participate in lessons ‑ learned and scenario exercises.
  • Provide support to our offices from both a U.S. and global perspective (i.e., Asia, Middle East, UK, Europe, Australasia, etc.) regarding the fulfillment of Technology risk related requests and obligations.
  • Assess AI/automation use cases for explainability, privacy, security, and bias risk; ensure appropriate documentation, monitoring, and governance are in place.
  • Educate teams on risk expectations, evidence quality, and the “why” behind controls; help embed risk thinking into delivery and operations.
  • Attend/participate in e-learning training sessions to increase background knowledge of the ever‑evolving Technology regulatory landscape.
Qualifications, Skills And Experience
  • 10+ years of experience in Technology risk, Technology audit/compliance, or cyber GRC.
  • Experience running RCSAs, defining KRIs/KPIs, and presenting risk insights to senior stakeholders.
  • Strong documentation skills, including writing risk narratives, control designs, control matrices, testing procedures, and remediation plans.
  • Effective communication and partnership skills; able to challenge constructively and receive challenge professionally.
  • Experie…
Position Requirements
10+ Years work experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary