Brown & Brown InsuranceRemote
Technology Risk and Compliance Analyst
Florida, United States of America
Full Time
2 weeks ago
$85,000 - $105,000 USD
No Visa Sponsorship
Key skills
Cyber SecurityLeadershipStakeholder ManagementCollaboration
About this role
Role Overview
- Identify, assess, and document technology risks across projects, products, and platforms within the Retail portfolio.
- Facilitate the prioritization of technology risks based on business impact, regulatory exposure, and defined risk appetite.
- Conduct risk assessments for new initiatives, including M&A integrations and platform implementations.
- Partner with project managers and product teams to integrate risk mitigation into delivery plans and milestones.
- Ensure risk mitigation strategies align to enterprise risk appetite and portfolio priorities.
- Monitor risk exposure and ensure remediation activities are tracked through completion.
- Ensure alignment with internal policies and external regulatory requirements (e.g., SOX, SOC controls, data privacy standards).
- Support implementation and maintenance of IT governance, risk, and compliance (GRC) frameworks.
- Evaluate and ensure technology policies, standards, and procedures are fit for purpose and aligned to regulatory and business requirements.
- Maintain compliance documentation, control narratives, and evidence repositories.
- Monitor and report adherence to policies, standards, and standard operating procedures across the portfolio.
- Support internal and external audit activities, including evidence collection, walkthroughs, and remediation tracking.
- Partner with internal and external Audit to support successful audit outcomes, including SOX compliance, evidence validation, and timely remediation of findings.
- Assess effectiveness of IT controls and identify gaps across applications, infrastructure, and processes.
- Partner with control owners to strengthen control design and execution.
- Drive timely closure of audit findings and control deficiencies.
- Partner with Vendor Management and enterprise third
- and fourth-party risk teams to ensure technology-related vendor risks are identified and addressed.
- Incorporate vendor-related risks into portfolio-level risk visibility and reporting.
- Support tracking and remediation of vendor-related control gaps impacting Retail Technology delivery.
- Prepare and deliver transparent, decision-ready reporting for governance forums, including Steering Committees and OCIO leadership.
- Provide insights that enable leadership to evaluate risk exposure alongside investment, delivery progress, and business outcomes.
- Highlight trade-offs, emerging risks, and areas requiring leadership attention or decision.
- Track key risk indicators (KRIs), control effectiveness, and remediation progress.
- Identify opportunities to streamline and improve GRC processes, tooling, and operating model effectiveness.
- Contribute to the evolution of OCIO governance, risk, and control frameworks.
Requirements
- Bachelor’s degree in Information Technology, Cybersecurity, Business, or related field.
- 3–7 years of experience in IT risk, compliance, audit, or cybersecurity.
- Strong working knowledge of GRC frameworks (e.g., NIST, ISO 27001, COBIT).
- Knowledge of regulatory standards (SOX, SOC, GDPR, or similar).
- Experience with risk assessment, control design, and audit support.
- Ability to translate technical risk into business impact and executive-level messaging.
- Strong collaboration and stakeholder management across technology and business teams.
- High attention to detail with disciplined documentation practices.
- Able to travel up to 30%.
Tech Stack
- Cyber Security
Benefits
- Health Benefits : Medical/Rx, Dental, Vision, Life Insurance, Disability Insurance
- Financial Benefits : ESPP; 401k; Student Loan Assistance; Tuition Reimbursement
- Mental Health & Wellness : Free Mental Health & Enhanced Advocacy Services
- Beyond Benefits : Paid Time Off, Holidays, Preferred Partner Discounts and more.