Risk Analyst

Date: Nov 1, 2022

Location: San Juan-Cupey, PR

General Description

The Risk Analyst is responsible for assessing the adequacy of the internal controls in the Information Technology Division. This role includes identifying the weaknesses in the systems and processes and creating an action plan to prevent audit findings and promote best practices. The Risk Analyst can also be involved in the planning and execution of internal assessments procedures and the creation of reports to present to management. Must work within a team to create a solid information technology culture, and collaborate with clients to develop and put in place policies and procedures that goes along the best practices.

Essential Duties and Responsibilities

  • Performs general and application control reviews for simple to complex computer information systems.
  • Performs information control reviews to include system development standards, operating procedures, system security, programming controls, communication controls, backup and disaster recovery, and system maintenance.
  • Directs and/or performs reviews of internal control procedures and security for systems under development and/or enhancements to current systems.
  • Prepares and presents written and oral reports and other technical information in a pertinent, concise, and accurate manner for distribution to management.
  • Consults with and advises administrators, management and staff on various operational issues related to computerized information systems, and on general business operations as needed.
  • Coordinate and lead meetings as necessary with auditors or examiners and process owners to understand the processes, clarify doubts and establish actions plans with due dates.
  • Follows up on audit findings, self-identified issues and other regulatory findings to ensure that management has taken corrective action(s).
  • Follows up on audit findings, self-identified issues and other regulatory findings to ensure the Internal Audit Unit, Cyber Security Unit and other entities reviews and close them.
  • Performs miscellaneous job-related duties as assigned.


Minimum Education

Bachelor's Degree in Accounting or Computer Science


Two (2) to three (3) years of experience in IT audits and procedures

Knowledge of internal auditing, internal controls, risk management, and finance and accounting practices and methods

Experience with multiple technology domains including aspects of Windows / Office 365, web and/or database management, software development, networking, and automation

Certifications and Licenses

CISA, CISM or CISSP are not requiered but are preferred.

Other Qualifications

  • Comprehensive understanding of internal control environments within the IT function
  • Understanding of information security standards, best practices for securing computer systems, and applicable laws and regulations
  • Outstanding interpersonal and communications skills (verbal / written); ability to communicate effectively with technical and non-technical audiences, in both English and Spanish
  • Takes ownership of the tasks and responsibilities assigned
  • Available to travel as needed
  • Working knowledge of: MS Office: Word, Excel, PowerPoint
  • Excellent people skills to develop and maintain good relationships with auditees, anticipate their needs, present alternatives, and provide follow-up to the agreements reached
  • Ability to work under pressure to meet deadlines
  • Excellent organizational skills to work with multiple things and comply with established deadlines
  • Excellent leadership and teamwork skills
  • Results-driven and proactive


Analytical Discipline
Business Excellence
Change Agent
Collaboration & Teamwork
Customer Centric
Self Development

Additional Information

Job Segment: Law, Legal