✦ Luna Orbit — QA & Testing

Senior Technology Risk Analyst - Monitoring and Testing

at Citizens Financial Group

📍 United States Hybrid Posted April 14, 2026
Apply Now → ← Browse All Jobs

Position Details

Type Full-Time
Experience senior
Exp. Years Not specified
Education Not specified
Category QA & Testing

About this role

This role leads the planning and execution of technology and cybersecurity control monitoring and testing within a first-line risk team. The Senior Technology Risk Analyst ensures results are documented for audit and regulatory review and validates remediation effectiveness to support issue closure.

Key Responsibilities

  • Lead planning and execution of control monitoring and testing across technology and cybersecurity processes
  • Perform/oversee control design and operating effectiveness testing; review workpapers and evidence
  • Document testing results clearly and accurately in the system of record for QA, Internal Audit, and Regulatory review
  • Support/lead Risk and Control Self-Assessments (RCSAs) including creation and validation of process maps
  • Improve monitoring using automation, data analytics, trend and anomaly analysis, and KRIs/KCMs

Technical Overview

The work focuses on end-to-end control testing execution, including control design and operating effectiveness testing, as well as continuous monitoring improvements using metrics, trend and anomaly analysis, automation, and data analytics. The role applies risk frameworks including Cybersecurity Risk Institute (CRI) Profile, NIST 800-53, and NIST Cybersecurity Framework.

Ideal Candidate

The ideal candidate is a senior technology risk analyst with hands-on experience leading control monitoring and control testing for technology and cybersecurity processes. They have strong knowledge of NIST 800-53 and the NIST Cybersecurity Framework, and have used the Cybersecurity Risk Institute (CRI) Profile to assess risk. They can produce audit-ready documentation, run Risk and Control Self-Assessments (RCSAs), and improve testing through automation, analytics, and continuous monitoring.

Must-Have Skills

Apply deep knowledge of frameworks such as Cybersecurity Risk Institute (CRI) ProfileNIST 800-53and NIST Cybersecurity FrameworkLead planning and execution of control monitoring and testing across multiple complex technology and cybersecurity processesIndependently perform and/or oversee control design and operating effectiveness testingEnsure testing results are documented clearly and accurately in the system of record and supporting toolsSupport and/or lead Risk and Control Self-Assessments (RCSAs)including creation and validation of process maps

Nice-to-Have Skills

testing automationanalytics and improved key control metrics (KRIs/KCMs)leveraging trend and anomaly analysis

Tools & Platforms

system of record

Required Skills

control monitoringcontrol testingcontrol design testingoperating effectiveness testingissue validation testingremediation effectivenessRisk and Control Self-Assessments (RCSAs)process mapsautomationdata analyticscontinuous monitoringtrend and anomaly analysisKRIs/KCMsCybersecurity Risk Institute (CRI) ProfileNIST 800-53NIST Cybersecurity Frameworkaudit-ready documentation

Hard Skills

control monitoringcontrol testingcontrol design testingoperating effectiveness testingrisk judgmentissue validation testingremediation effectiveness testingsystem of record documentationaudit-ready documentationRisk and Control Self-Assessments (RCSAs)process mapsCybersecurity Risk Institute (CRI) ProfileNIST 800-53NIST Cybersecurity Frameworkcontinuous monitoringmetricstrend and anomaly analysisdata analyticsautomationKRIs/KCMskey control metrics

Soft Skills

mentoring analystsinfluencing stakeholdersdata-driven insights communicationhigh quality documentationtimely communicationproactive escalationdriving follow-up with stakeholdersstakeholder relationship buildingfact-based analysisclear recommendationsattention to completenessaccuracy

Industry & Role

Industry Banking
Job Function Execute and improve technology and cybersecurity control testing and monitoring to strengthen the control environment.
Role Subtype QA Lead
Tech Domains Cybersecurity

Keywords for Your Resume

Senior Technology Risk Analyst - Monitoring and TestingEnterprise Technology & Security (ETS) Risk Senior Analysttechnology-related riskscontrol monitoringcontrol testingtesting executioncontrol designoperating effectiveness testingworkpapersevidenceaudit readinessaudit-ready documentationsystem of recordissue validation testingremediation effectivenessRisk and Control Self-Assessments (RCSAs)process mapsautomationdata analyticscontinuous monitoringtrend and anomaly analysisKRIsKCMsCybersecurity Risk Institute (CRI) ProfileNIST 800-53NIST Cybersecurity Frameworktechnology and cybersecurity processesregulatory reviewInternal AuditQA

Deal Breakers

Must have deep knowledge of Cybersecurity Risk Institute (CRI) Profile, NIST 800-53, and NIST Cybersecurity Framework, Must be able to lead planning and execution of control monitoring and testing across complex technology and cybersecurity processes, Must ensure testing results are documented clearly and accurately for QA, Internal Audit, and Regulatory review

Apply for this Position →

Get matched to jobs like this

Luna finds roles that fit your skills and career goals — no endless scrolling required.

Create a Free Profile