Senior IT Operational Risk Specialist in Atlanta, GA at Voya

Date Posted: 11/27/2019

Job Snapshot

Job Description

As part of the application process, a candidate account is required to log in and view application(s).  Please be sure to check email regularly for information regarding our employment process.

Profile Summary:

The Senior IT Operational Risk Specialist reports to the Director, Head of IT Operational Risk Management (ORM), and provides risk oversight for Voya’s Enterprise Information Technology (IT) function by facilitating processes to identify, monitor, and mitigate IT related operational risks, and by providing management with timely and accurate information to assist in risk-based decision making.

Profile Description:

The mission of the Operational Risk Management (ORM) function is to support Voya Financial leadership in risk-based decision making and to assist with the management of operational risks of the enterprise, through the application of a comprehensive framework, processes and tools for identifying, measuring, and monitoring operational risks.

Reporting to the Director, Head of IT Operational Risk Management, the Senior IT Operational Risk Specialist will focus on the communication, implementation, and execution of operational risk policies and procedures, in support of risk management within Voya’s Enterprise IT function. The individual will employ business, IT, and operational process knowledge to perform independent review and challenge, and to advise stakeholders on solving complex and time-sensitive risk related matters. Responsibilities include, but are not limited to the following:

  • Regularly interact with and build partnership with stakeholders at varying levels to promote and instill a strong risk culture, and advise on IT related operational risks and remediation/mitigation of risk exposures.
  • Assist in defining IT operational risk and control standards and maintaining the standards framework.
  • Lead operational risk management activities that include IT process reviews, top-down risk assessments, targeted risk and control assessments, development of key risk Indicators (KRI), risk event management, trend analysis, and controls compliance.
  • Monitor the IT operational risk and control environment including root cause analysis of issues and incidents to identify process improvement and risk reduction opportunities.
  • Partner with other risk and control functions, including internal audit and compliance to support a coordinated coverage model and to develop a complete and aggregate view of risk for the specific area(s) assigned.
  • Assist with the development of risk committee materials and other risk reporting as deemed necessary to support risk governance.
  • Assist with assessments concerning compliance with applicable laws and regulations impacting IT.
  • Work closely with line of business ORM teams to characterize potential IT risks and trends, assessing business impact and articulating criticality and implications to business stakeholders.
  • Assist with other ORM projects, initiatives, and tasks, as needed.
  • Assist with ongoing development and maintenance of ORM strategy and framework, and education of stakeholders.

Knowledge & Experience:

  • Bachelor’s degree in Computer Science, MIS or related field; or equivalent work experience. Master’s degree desired.
  • Minimum 8 years of relevant experience, including minimum 4 years of financial services experience, with a strong background in IT, IT audit, and/or IT operational risk.
  • Broad knowledge of IT processes, and associated risks and controls.
  • CISA, CISSP, CISM, CRISC or other related IT risk certification is preferred.
  • Technical knowledge of applicable standards and regulatory requirements including, NIST, COBIT, ITIL, ISO27000, and other relevant IT frameworks.
  • Familiarity and experience using eGRC solutions, RSA Archer in particular.
  • Ability to communicate complex information technology risks and issues to non-technical business stakeholders to ensure a clear understanding of criticality and implications.
  • Ability to discern business relevant risk from IT risks and issues, and to identify the corresponding remediation which is adequate and balanced to mitigate business impact.
  • Ability to function independently with limited supervision.
  • Solid problem solving, decision making, and facilitation skills.
  • Proficient with Microsoft Office suite of products and automated reporting tools. Ability to produce professional documents ready for presentation to executive “C-Level” management.
  • Ability to travel (domestic) if needed, approximately 10%.



Critical Skills
At Voya, we have identified the following critical skills which are key to success in our culture: 

  • Customer Focused: Passionate drive to delight our customers and offer unique solutions that deliver on their expectations.
  • Critical Thinking: Thoughtful process of analyzing data and problem solving data to reach a well-reasoned solution.
  • Team Mentality: Partnering effectively to drive our culture and execute on our common goals. 
  • Business Acumen: Appreciation and understanding of the financial services industry in order to make sound business decisions. 
  • Learning Agility: Openness to new ways of thinking and acquiring new skills to retain a competitive advantage.

Learn more about Critical Skills.


  1. Auditor Jobs
  2. Internal Auditor Jobs