ServiceNow IT Risk Management Admin

You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential. CNA seeks to offer a comprehensive and competitive benefits package to our employees that helps them — and their family members — achieve their physical, financial, emotional and social wellbeing goals. For a detailed look at CNA’s benefits, check out our Candidate Guide. The Analyst/Admin will support the Risk and Controls Governance (RCG) leadership team and business partners execute risk management activities in alignment with Risk and Controls Governance framework and IT process, risk and control (PRC) framework. The Analyst will be accountable to spearhead initiatives that enable the broader RCG strategy including technology capabilities and modernizations, methodology execution, and adoption activities specific to ServiceNow Integrated Risk Management (IRM). Given appropriate oversight and guidance, the Analyst will be accountable to perform first line activities such as RCG risk assessments and other risk management activities including risk identification, profiling, assessment, response, evaluation and advising the business on issues remediation. This position requires that the applicant have a foundational or intermediate understanding of IT risks and the execution of first line IT risk management processes and governance within a large institution. The applicant must also have good communication and management skills, and strong knowledge of industry best practices . JOB DESCRIPTION: Essential Duties & Responsibilities RCG Strategy and Transformation: Support the implementation of the target state program based on the planned roadmap for RCG focus areas including governance, risk management methodologies, technology enablement and automation, metrics, and reporting. Collaborate with the three lines of defense and other risk functions on behalf of RCG to support, enable and align the Risk and Controls Governance strategy within the broader CNA risk functions. Engage stakeholders at all levels across businesses and divisions to ensure effective communication and sufficient stakeholder input and buy-in. Help develop education, training, and awareness campaign materials regarding IT risks as well as critical communications to help provide clarity and adoption in support of the RCG program transformation. RCG Operational Activities: Execute Risk and Controls Governance operational activities including: Risk profiling (inherent risk assessment); Risk assessments for processes, applications and infrastructure; Risk and scenario analysis for IT risks; and Risk metrics and reporting . Document and develop materials for leadership to review issues identified through RCG activities. Help the business create, shepherd governance channels and monitor execution of the risk response plans in alignment with RCG methodology. Act as the point of contact to assist and respond to questions from key stakeholders and the business; manage required escalations and communication. Provide IT guidance and risk advisory support to key initiatives. Develop materials to provide regular updates to CNA Executives on the overall health of the program including preparing necessary information to facilitate management discussion and decision making. Qualifications Proven experience (5 years) in IT risk management, with a focus on identifying, assessing, and mitigating IT risks within a corporate environment. Hands-on experience with ServiceNow Integrated Risk Management (IRM) module, including configuration, customization, and administration, including ability to: Analyze incidents to identify application and system problems and possible solutions in a timely manner Manage the complete lifecycle of production and sandbox environments, including necessary configurations and integrations, application administrative activities Manage maintenance and administration of user profiles, including groups and role management Coordinate with support teams to troubleshoot issues and any planned activities Ability to develop and maintain risk registers, control libraries, and compliance documentation within ServiceNow IRM Strong analytical skills to assess complex IT risks and recommend appropriate risk mitigation strategies and controls. Experience in collaborating with cross-functional teams, including IT, security, compliance, and business units, to drive risk management initiatives Demonstrates a willingness to learn, self-starter and strong teaming capabilities Understanding of IT governance and technology risk management principles and best practices Strong interpersonal skills to support stakeholder communication and engagement across businesses Experience with technology process, risk and control framework Required: Bachelor’s degree Preferred: Knowledge and skills across COSO ISACA Risk IT framework ISACA COBIT 5.0 or 2019 ISO 31000-series and 27000-series, 13335 NIST Cybersecurity framework #Remote #LI-JB1 CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation, please contact leaveadministration@cna.com. At CNA, we are focused on success, individually and collectively. We pride ourselves on promoting a culture that challenges and engages people. We strive to connect people, departments and business areas, to function as a team, and to serve our customers and communities with professionalism and respect. Our dedication to employee engagement, continuous learning and the open exchange of ideas is the cornerstone of our business. These ideals, combined with our focus on the customer, enable us to explore new market opportunities and build on our success. Our values, culture and financial strength are what differentiates us from other employers and make CNA the place you want to work. CNA is committed to fostering a diverse and inclusive culture grounded in equity that supports our organization, clients, and communities by prioritizing talent and programs that represent our current environment and empower all employees and partners to be active allies and advocates for equality. Globally, our Employee Resource Groups — Advocacy for Visible & Invisible Disabilities (AVID), Asian Professionals for Excellence (APEX), Empowering Black Professionals (EBP), Generational Perspectives (GP), Organization of Hispanics and Latine Americanos (¡OHLA!), Pride, Women Impacting Leadership (WIL) and Veterans — make CNA, and our communities, even stronger. At CNA, we have a long standing commitment to the diverse communities in which we live and work. We actively make a difference for the greater good through partnerships, sustainability, initiatives, and working together for a better tomorrow. Corporate Social Responsibility is not one person, or one department, it's the entire enterprise coming together to make the world a better place.