WHAT DOES AN IT RISK ANALYST DO?
Published: Nov 20, 2025 - The Information Technology (IT) Risk Analyst conducts diverse IT and cybersecurity assessments, evaluates risk acceptance requests, analyzes control gaps, and prepares key risk indicator reports to support effective risk governance. This role collaborates with stakeholders to review findings, track remediation actions, assess cross-functional impacts of technology solutions, and provide updates to senior management. The analyst also performs root cause analysis on production issues and contributes to risk-related projects, ensuring timely and accurate completion of all required deliverables.

A Review of Professional Skills and Functions for IT Risk Analyst
1. IT Risk Analyst Duties
- Risk Assessment: Assist with developing and maintaining the IT Risk Assessment and scoping for Parkland
- Audit Focus: Identify areas where compliance audits should focus
- Compliance Execution: Assist with the execution of Parkland’s IT compliance program (C-SOX and SOX) including the execution of walkthroughs and tests of the design and operational effectiveness of IT controls
- Scope Analysis: Assist with annual and ongoing compliance scoping to identify any changes to the systems, applications, and automated controls considered to be in scope for the current fiscal year
- Workpaper Preparation: Prepare clear, concise, appropriately referenced work papers to document test procedures performed and conclusions drawn
- Implementation Review: Perform pre- and post-implementation reviews of system implementations or enhancements
- Audit Coordination: Coordinate IT compliance program testing of IT controls with external audit IT team members, control owners, managers, and executive management
- Deficiency Evaluation: Evaluate IT control deficiencies for impact and perform root cause analysis to determine appropriate management actions
- Remediation Monitoring: Monitor management’s remediation efforts to closure, including review of supporting evidence
- Process Improvement: Support initiatives to improve controls, make processes more efficient and effective, and reduce cycle time for IT compliance
- Control Review: Perform various reviews of IT management policies and procedures such as change management, business continuity planning, disaster recovery, and information security, to ensure that controls surrounding these processes are adequate
- Control Methodology: Bring a good understanding of IT controls methodology to help the department develop a best-in-class practice
- Data Analytics: Assist with the implementation of data analytical tools to perform sampling and analyze data to improve audit and business efficiency and effectiveness, including for risk assessments
- Program Maturation: Support the maturation of the IT compliance program across the organization
2. IT Risk Analyst Details
- System Understanding: Develop a detailed understanding of the Ryanair IT systems including IT risks and controls
- Risk Assessment: Periodically assess IT risks and internal control strengths and weaknesses
- Compliance Monitoring: Develop and execute a monitoring and compliance work plan and capture conclusions
- Issue Remediation: Work with IT Development, Operations and Security teams to remediate any outstanding issues
- Control Testing: Support the annual PCI, Sarbanes-Oxley, and GDPR compliance activities by ongoing testing and evaluating the effectiveness of key control activities
- Stakeholder Communication: Regularly interact and communicate with management to discuss and present findings, gain acceptance, and provide advice to remediate issues and deficiencies
- Control Advisory: Advise IT and business stakeholders on control best practices within their processes to reduce risks and improve efficiency and financial profitability
- Audit Interaction: Interact with SOX auditors and PCI security assessors during annual audits
3. IT Risk Analyst Responsibilities
- Audit Liaison: Liaise with external and internal stakeholders to manage audit engagements
- Issue Monitoring: Monitor outstanding risk items and audit issues to ensure proper ownership and follow-up
- Project Management: Manage project initiatives according to the outlined scope and timeline
- Risk Assessment: Perform risk assessments on IT processes and areas to identify control gaps against the bank's policies and standards
- Process Improvement: Identify and implement measures for process improvement, analyse tools for control, and evaluate potential operational risks
- Management Reporting: Prepare the required data and presentation deck for management reporting
- Control Testing: Perform independent risk management testing for key IT/IS controls which includes assessing the design and operating effectiveness of the control structure and compliance with policies and standards
- Result Documentation: Document test results and provide support for an informed, objective opinion of the risk exposure
- Observation Drafting: Draft testing observations and provide recommendations to management both verbally and in writing
- Plan Review: Review management action plans to assess the effectiveness of proposed remediation and appropriateness of the timeline
4. IT Risk Analyst Job Summary
- Deadline Management: Ensure assessments, projects and task deliverable dates are met
- Risk Assessment: Conduct Information Security, Information Technology, Cyber Security, application risk, disaster recovery planning, Risk Control Self Assessment, onsite assessment and other IT risk assessments
- Risk Acceptance: Perform assessments of an IT Risk Acceptance request to identify risks and mitigating controls as well as follow up on necessary approvals
- Issue Documentation: Document observations for existing IT control processes and identified issues in the assessment questionnaire during disaster recovery planning exercises
- KRI Reporting: Prepare monthly KRI reports using Excel
- Stakeholder Follow-up: Discuss findings with stakeholders and follow up on agreed-upon action plans and target completion dates
- Impact Analysis: Determine if proposed technology solutions have cross-functional impact or risks to other units and identify areas of efficiency
- Management Communication: Provide appropriate information and share updates with senior management and other key stakeholders
- Gap Analysis: Perform various IT risk assessments and risk-associated projects such as identifying framework workflow processes and performing gap analysis as defined by the manager
- Root Analysis: Provide root cause analysis along with a conclusion on production issues
5. Senior IT Risk Analyst Accountabilities
- Risk Identification: Proactively work with IT and business units to identify and assess operational, technology, and third-party risks, ensuring adherence to regulatory, legal, corporate and functional requirements
- Process Evaluation: Participate in periodic assessment and challenge activities designed to evaluate and review business processes, risk profiles, IT assets, vendors and controls
- Program Alignment: Ensure alignment with WAL’s Enterprise and Operational Risk programs, policies and practices
- Remediation Support: Assist the first line of defense teams in developing action items for remediation and serve as subject matter expert throughout the remediation process
- Policy Compliance: Ensure WAL policies and procedures and associated technology and cybersecurity risk programs are consistent with current applicable banking rules, regulations and laws
- Requirement Monitoring: Monitor and assess for any new or amended requirements
- Risk Awareness: Promote ERM and ORM awareness of policy and standards to effectively maintain IT risk management procedures and associated technology and cybersecurity risk programs
- Framework Support: Support the implementation of the IT control framework and integration activities
- Control Assessment: Assess IT internal control performance
- Control Improvement: Identify weaknesses and provide recommendations to strengthen the IT control environment
- Gap Analysis: Analyze risk issues, audit and assessment gaps to determine control effectiveness
- Metric Reporting: Report key metrics and status on IT risk management remediation efforts
- GRC Utilization: Utilize the GRC tool to manage IT-related activities
- First Line Guidance: Work with the first line of defense to provide guidance and effective challenge for operational, technology and third-party risk assessments, issue remediation and controls testing