Hilltop Holdings is looking for an Information Technology Risk Management (ITRM) Senior Analyst to support the execution of the Company’s IT GRC program. The ITRM Senior Analyst will coordinate IT audit and examinations; lead risk and compliance assessments; track and report open IT issues; process policy exception requests.

The ITRM team serves as the liaison between audit teams (both internal and external) and process owners during audit engagements. The ITRM Senior Analyst provides support to process owners through their IT risk management subject matter expertise. This position requires the ITRM Senior Analyst to interface with team members within the Information Technology department as well as other internal business units and external partners.

• Coordinates and supports internal and external audits, regulatory examinations and other security assessments (e.g. penetration tests)
• Serves as point of contact for audit requests.
• Conducts compliance assessments and ensures respective remediation is performed in a timely manner.
• Ensures compliance with any applicable information security standards and regulations.
• Monitors and reports status of security tasks and open remediation items.
• Assists with internal and external risk assessments and evaluates control effectiveness.
• Assists business and technology teams to comply with corporate policies and standards
• Supports the security policy exception process
• Work with business partners to validate technology risks within business processes impacting the Company's objectives
• Assesses internal control systems to ensure operating levels adequately mitigate risks
• Understanding the needs and implications of the various legal, privacy, and regulatory bodies that impact our business and ensure they are addressed.

• Mentors junior ITRM analysts in IT risk management and general technical skills
• Supports new employee onboarding process for junior ITRM analysts
• Partnership and communication with internal and external contacts (at appropriate levels) as necessary to ensure expectations and timelines are met
• Other duties as assigned or required

• Bachelor’s degree or above in Business Administration, Accounting, Information Systems or equivalent experience in IT/Information Security field preferred.
• IT Risk and/or Information Security certifications, such as CISA, CISM, CRISC, preferred
• Minimum 5 years of experience with IT audit, information security, IT governance and/or IT risk management
• Demonstrated experience in risk and control assessments.
• Demonstrated knowledge in the following regulations and frameworks: SOX and FFIEC
• Ability to translate control requirements and recommendations into actionable improvements.
• Displays excellent time management, organizational and problem-solving skills
• Ability to work well under pressure and meet deadlines
• Demonstrated excellent analytical skills and strong detail orientation
• Excellent verbal, written and interpersonal communication skills
• Excellent PC skills, including Microsoft Office Suite