Senior Risk Analyst - IT & Cyber Risk Assurance

General Description

The Senior Risk Analyst will play a key role in advancing the second-line IT and Cyber Risk Monitoring and Assurance Program. This position provides independent oversight and effective challenge across technology and cybersecurity risk domains, partnering with first line and control functions to strengthen risk governance, and supports senior management and committees through actionable risk insights, reporting, and regulatory readiness.

Essential Duties and Responsibilities

IT & Cyber Risk Framework & Governance: 

• Lead the ongoing enhancement and governance of the IT & Cyber Risk and Control Matrix, ensuring alignment with regulatory requirements and industry frameworks such as NIST, COBIT, FFIEC, CCM, PCI, and others.
• Serve as a trusted second-line advisor to IT and Cybersecurity leadership to ensure risk management practices are implemented consistently across the organization.
• Prepare, generate, and provide materials (e.g., risk scorecards, dashboards, and metrics) required for various Risk Committees, Senior Management Team and Executives by the required due dates.
• Independently monitor remediation commitments and provide credible challenge on timeliness, sustainability of remediation, and residual risk calculation and escalate concerns when risks remain outside of the organization’s risk appetite.

Risk Oversight & Advisory: 

• Perform second-line review and challenge of policies, standards, risk acceptances, risk escalations, and control implementations to ensure alignment with control expectations and the IT & Cyber Risk and Control Matrix.
• Lead the execution of the IT and Cyber Risk and Control Self-Assessments (RCSAs), including scoping, control evaluation, issue identification, action-plan development, and residual risk assessments.
• Translate control weaknesses into clear risk statements, validate root cause, and recommend solutions aligned with the organization’s risk appetite.
• Support regulatory exams and audits by coordinating activities, reviewing evidence packages, ensuring consistent narratives, and tracking commitments and responses through closure.
• Develop and deliver targeted training for business and technology stakeholders (e.g., RCSA processes, risk acceptance standards, key controls, evidence expectations, etc.).

Key Risk Indicators (KRIs): 

• Design, enhance, and govern KRIs, including metric definitions, thresholds, data lineage, data quality controls, and exception handling. 
• Perform trends analysis to identify potential issues and perform root cause analysis to provide recommendations to Management on how to better manage their IT & Cyber risk posture.

Education

Bachelor’s degree in Business Administration, Information Technology, Computer Engineering, Computer Science, Cybersecurity or related field.
 

Experience

• At least 5 years of working experience in IT controls testing, IT Risk, IT Audit and/or Cybersecurity positions; or in a consulting IT/Cyber role with a broad view of Information Technology or Information Security controls.  
• Demonstrated experience applying IT and cybersecurity frameworks and regulatory expectations (e.g., NIST, COBIT, FFIEC, CRI, CCM, etc.) including Policy and Standards review and control design assessments.
• Experience with risk governance processes such as RCSAs, Issue Management, Risk Acceptances, and committee/board level reporting.
• IT or Cyber certifications preferred (e.g. CISA, CISM, CISSP, CGEIT, CRISC) 

Other Qualifications

• Strong analytical skills with ability to synthesize complex technical topics into clear risk narratives for executives. 
• Advanced Excel skills preferred; experience with reporting/dashboard tools is a plus.
• Excellent written and verbal communication in English and Spanish, including executive-level communication.
• Strong judgement, critical thinking, and ability to operate independently with minimal direction.
• Excellent organizational skills are required to establish priorities, multitask, work under pressure, and meet deadlines.
• Excellent interpersonal skills and teamwork.
• Proficient in Microsoft Office: Word, Excel, PowerPoint, and Outlook  

Values

• 1. Passion for People
• 2. Own Every Moment
• 3. Succeed Together
• 4. Build the Future

Important: The candidate must provide evidence of academic preparation or courses related to the job posting, if necessary.

Our hybrid work model benefit applies to certain positions and is subject to changes based on the organizational needs.

ABOUT US

Popular is Puerto Rico’s leading financial institution and have been evolving since it was founded over a century ago. From a small bank it has developed into a large corporation that offer a wide variety of services and financial solutions to our customers, with presence in the United States, the Caribbean and Latin America.

As employees, we are dedicated to making our customers dreams come true by offering financial solutions in each stage of their life. Our extensive trajectory demonstrates the resiliency and determination of our employees to innovate, reach for the right solutions and strongly support the communities we serve; therefore, we value their diverse skills, experiences and backgrounds.

We reaffirm our commitment to always offer essential financial services and solutions for our customers and communities, including during emergency situations and/or natural disasters. Popular’s employees are considered essential workers, whose role is critical in the continuity of these important services even under such circumstances. By applying to this position, you acknowledge that Popular may require your services during and immediately after any such events.

If you have a disability or need more information about requesting an accommodation, please contact us at Ver el correo electrónico en jobs.popular.com . This email inbox is monitored for such types of requests only . All information you provide will be kept confidential and will be used only to the extent required to provide needed exemptions or reasonable accommodations. Any other correspondence will not receive a response.

Are you ready for a rewarding career?

Popular is an Equal Opportunity Employer, including Disability/Vets
Learn more about us at and keep updated with our latest job postings at .
Connect with us!
LinkedIn | Facebook | Twitter | Instagram

If you are a California resident, please click here to learn more about your privacy rights.