Citizens Logo

Citizens

Data, AI and Emerging Technology Risk Principal Analyst

Posted 9 Days Ago
In-Office or Remote
Hiring Remotely in United States
138K-200K Annually
Senior level
In-Office or Remote
Hiring Remotely in United States
138K-200K Annually
Senior level
Lead identification, assessment, and remediation of technology and AI-related risks across systems, platforms, and third parties. Execute RCSAs and control testing, support audits and regulatory exams, analyze security telemetry to identify trends, and present executive-level risk reporting. Partner with technology and business leaders, improve risk frameworks, mentor analysts, and advise on emerging threats and control enhancements.
The summary above was generated by AI

Within Enterprise Technology & Security (ETS), the Data, AI and Emerging Technology Risk Principal Analyst drives the strategic identification, assessment, and mitigation of technology-related risks, playing a key role in safeguarding the organization's information assets. This senior individual contributor position operates with significant autonomy, working across technology and business teams to shape risk practices, advance control effectiveness, and ensure alignment with Cybersecurity Risk Institute (CRI) Profile, NIST Cybersecurity Framework, NIST 800-53, and other applicable frameworks. The Principal Analyst serves as a subject matter expert whose insights directly influence the bank's technology risk posture and risk management strategy. Principal Risk Analysts solve complex problems, take broad perspectives to solve problems innovatively and may lead projects with moderate resource requirements, risk and/or complexity. Cross-functional leadership and development across junior contributors are a key feature of this senior role. 

Responsibilities 

  • Lead the proactive identification, assessment, and monitoring of technology and cybersecurity risks across systems, applications, infrastructure, and services, applying industryrecognized frameworks such as CRI, NIST CSF and NIST 80053. 

  • Execute and oversee complex Risk and Control Self Assessments (RCSAs), risk assessments, targeted risk reviews, and control adequacy evaluations, providing challenge and expert recommendations on risk treatment and remediation strategies. 

  • Serve as a subject matter expert for technology risk during internal audits, regulatory examinations, and supervisory inquiries, leading issue analysis, response development, and corrective action execution. 

  • Analyze and synthesize risk and security data from enterprise platforms and monitoring tools to identify systemic trends, emerging risks, and control gaps, translating findings into strategic insights for leadership. 

  • Partner closely with senior technology, engineering, cybersecurity, compliance, and business leaders to evaluate risk associated with new and existing platforms, infrastructure, and initiatives. 

  • Oversee thirdparty technology risk activities for highrisk or complex service provider relationships within assigned domains. 

  • Develop and deliver clear, executivelevel risk reporting and presentations, effectively communicating risk posture, trends, and remediation priorities to senior management and governance forums. 

  • Contribute to the continuous enhancement of risk frameworks, methodologies, policies, and governance processes to strengthen overall risk maturity. 

  • Mentor and coach analysts at varying levels, fostering strong risk judgment, analytical rigor, and a culture of accountability and continuous improvement. 

  • Stay ahead of evolving regulatory requirements, emerging threats, and industry trends, proactively advising leadership on risk impacts and control enhancements. 

  • Champion initiatives that strengthen the organization’s risk posture and promote a proactive, riskaware culture across the enterprise. 

Team-Specific Requirements 

Preferred Domain-Specific Technical Skills  

  • Familiarity with cloud platforms such as AWS, Azure, or GCP 

  • Experience with analytics platforms, storage solutions, data protection methodologies, data platforms, ETL, data transmission, data loss prevention, endpoint security practices, and cyber recovery practices, e.g. Tableau, Webfocus, APIs and Microservices based development, Talend, Informatica, Kafka, Spark, Autosys, Airflow, Java, Hadoop, Redshift, Starburst, Databricks, Tessell, MongoAtlas, Snowflake, OCI, AWS RDS, etc.) 

  • Proficiency with data governance, security and other telemetry tools such as Collibra, Grafana, Datadog, Qualys, Wiz, CyberArk, or Splunk 

  • Experience with continuous integration, continuous delivery, agile and devsecops pipelines, including data engineering sub-pipelines and related tools (e.g. Nexus, Jenkins, Harness, Fortify, EKS, Openshift, etc.) 

  • Knowledge of AI/ML platform tools such as Bedrock, Sagemaker, H2O.ai, MLflow, etc. 

Preferred Team-Specific Tools & Platforms  

  • ServiceNow, Jira, Confluence, or other ITSM/collaboration platforms 

  • GRC Archer, WDesk, or other risk and compliance platforms 

Experience & Skills 

Required: 

  • 7–10 years of progressive experience in IT risk management, information security, or internal audit, with demonstrated leadership in complex risk environments. 

  • Deep expertise in control frameworks including CRI Profile, NIST 800-53, NIST CSF, COBIT, and/or ITIL, and the ability to apply them strategically. 

  • Proven ability to lead risk assessments, control testing programs, and regulatory response activities independently. 

  • Advanced proficiency with GRC platforms (e.g., Archer), security monitoring tools (e.g., Splunk, Qualys, Wiz), and data analysis tools (e.g., Tableau, Grafana, Excel). 

  • Strong executive communication skills; ability to present risk findings persuasively to senior leaders and non-technical audiences. 

  • Track record of influencing risk practices and driving meaningful improvements in control environments. 

  • Ability to operate independently and manage complex, multi-stakeholder workstreams. 

 

Preferred: 

  • Experience in a regulated financial institution with familiarity with OCC, Federal Reserve, or FDIC supervisory expectations. 

  • Background in cloud infrastructure risk, cyber resilience, or enterprise architecture risk. 

  • Experience designing or significantly improving risk management programs or frameworks. 

 

Education 

  • Bachelor's degree in Information Technology, Cybersecurity, Business, or a related field required; Master's degree strongly preferred. 

  • One or more of the following certifications are preferred: 

  • CISA (Certified Information Systems Auditor) 

  • CRISC (Certified in Risk and Information Systems Control) 

  • CISM (Certified Information Security Manager) 

  • CISSP (Certified Information Systems Security Professional) 

  • PMI-RMP (Risk Management Professional) 

  • AWS Solutions Architect or Microsoft Azure Administrator 

Hours & Work Schedule

  • Hours per Week: Monday-Friday
  • Work Schedule: 40
  • Hybrid: 4 days per week onsite, 1 day remote 

 

Pay Transparency

The salary range for this position is $138,000 - $200,000 per year, plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the budget, work location, and relevant skills and experience.

We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens’ paid time off policy exceeds the mandatory, paid sick or paid time-away policy of every local and state jurisdiction in the United States. For an overview of our benefits, visit https://jobs.citizensbank.com/benefits .

About Us

Equal Employment Opportunity

Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.

Equal Employment and Opportunity Employer

Job Applicant Data Privacy Policy

Background Check

Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.


Citizens Boston, Massachusetts, USA Office

28 State St, Boston, MA, United States, 02109

Citizens Dedham, Massachusetts, USA Office

Dedham, United States

Citizens Westwood, Massachusetts, USA Office

Westwood, United States

Similar Jobs

An Hour Ago
Remote
United States
Senior level
Senior level
Artificial Intelligence • Legal Tech
Own and harden core platform infrastructure on GCP, build and maintain CI/CD and IaC, unify logging and observability, enforce network and environment isolation, improve developer productivity and tooling, and help define platform engineering direction and culture.
Top Skills: Ci/CdDeployment PipelinesGoogle Cloud PlatformIamInfrastructure As CodeLoggingNetworkingObservabilityPulumiService AccountsTerraformTypescript
An Hour Ago
In-Office or Remote
175K-350K Annually
Mid level
175K-350K Annually
Mid level
Information Technology • Software • Financial Services • Quantitative Trading
Design, build, and operate high-performance Kdb+/Q platforms for real-time and historical market data, partnering with traders and researchers to deliver scalable time-series analytics, streaming, and trading solutions while driving architecture, automation, and operational excellence.
Top Skills: C++Distributed SystemsJavaKdb+/QLinuxMarket DataPythonTime-Series Analytics
An Hour Ago
Remote or Hybrid
120K-160K Annually
Senior level
120K-160K Annually
Senior level
Artificial Intelligence • Big Data • Cloud • Information Technology • Machine Learning • Software
Drive regional channel revenue through partner recruitment, onboarding, and joint business planning across the Southeast. Generate and manage partner-sourced pipeline, collaborate with direct sales through full sales cycle, execute go-to-market initiatives, and ensure partner enablement, forecasting accuracy, and regional growth.

What you need to know about the Boston Tech Scene

Boston is a powerhouse for technology innovation thanks to world-class research universities like MIT and Harvard and a robust pipeline of venture capital investment. Host to the first telephone call and one of the first general-purpose computers ever put into use, Boston is now a hub for biotechnology, robotics and artificial intelligence — though it’s also home to several B2B software giants. So it’s no surprise that the city consistently ranks among the greatest startup ecosystems in the world.

Key Facts About Boston Tech

  • Number of Tech Workers: 269,000; 9.4% of overall workforce (2024 CompTIA survey)
  • Major Tech Employers: Thermo Fisher Scientific, Toast, Klaviyo, HubSpot, DraftKings
  • Key Industries: Artificial intelligence, biotechnology, robotics, software, aerospace
  • Funding Landscape: $15.7 billion in venture capital funding in 2024 (Pitchbook)
  • Notable Investors: Summit Partners, Volition Capital, Bain Capital Ventures, MassVentures, Highland Capital Partners
  • Research Centers and Universities: MIT, Harvard University, Boston College, Tufts University, Boston University, Northeastern University, Smithsonian Astrophysical Observatory, National Bureau of Economic Research, Broad Institute, Lowell Center for Space Science & Technology, National Emerging Infectious Diseases Laboratories

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account