Description

Our vision for the future is based on the idea that transforming financial lives starts by giving our people the freedom to transform their own. We have a flexible work environment, and fluid career paths. We not only encourage but celebrate internal mobility. We also recognize the importance of purpose, well-being, and work-life balance. Within Empower and our communities, we work hard to create a welcoming and inclusive environment, and our associates dedicate thousands of hours to volunteering for causes that matter most to them.

Chart your own path and grow your career while helping more customers achieve financial freedom. Empower Yourself.

The Intelligence and Analytics (IA) Specialist is responsible for supporting the organization's information security, technology risk, and governance programs. This role focuses on maintaining alignment with industry standards and regulatory expectations, design, enhancement, and reporting of key risk Indicators (KRIs), and identifying emerging and AI‑related risks. This role, as part of an extension of Global Information Security Office (GISO), will work closely with the global stakeholders on Information Security and Technology Risk themes to drive strategic value through data-driven risk insights and platform transformations

ESSENTIAL FUNCTIONS:

• Define, track, and report Key Risk Indicators (KRIs) and security risk metrics, producing dashboards and management‑level reporting.
• Document and manage risks, controls, and issues using GRC tools such as ServiceNow IRM (good to have), supporting workflow efficiency and audit traceability.
• Experience in identifying, assessing, and monitoring emerging risks, including AI, automation, data privacy, and evolving threat landscapes, and providing risk‑based recommendations to stakeholders.
• Prepare and deliver clear, executive‑ready presentations, and effectively communicate security and risk concepts to both technical and non‑technical stakeholders.
• Develop, review, and maintain information security policies, standards, and procedures, ensuring alignment with regulatory expectations, industry frameworks, and internal risk appetite.
• Experience in managing the Information Security Management System (ISMS) aligned with ISO/IEC 27001, NIST Cybersecurity Framework (CSF), and COBIT, ensuring consistent application of controls and governance practices across the organization.
• Experience in performing information security, technology, and cyber risk assessments, including inherent and residual risk analysis, and evaluating risks associated with new technologies, cloud, and digital initiatives.
• Perform third‑party security risk assessments, review vendor security artifacts (e.g., SOC reports, certifications), and track remediation activities and risk acceptance decisions.
• Support regulatory compliance activities, internal and external audits, and management responses by ensuring risks, controls, and issues are well documented, traceable, and defensible.

Education:

• College diploma or University degree in Computer Science or IT Management, or equivalent experience.

EXPERIENCE:

• 5 - 8 years of experience in information security, cyber/technology risk, or GRC‑focused roles.
• Hands‑on experience with ISO/IEC 27001, NIST CSF, and COBIT frameworks.
• Experience performing risk assessments, policy and standards development, and third‑party risk management.
• Exposure to regulatory compliance environments and audit support activities.
• Risk reporting, analytics, or KRI development
• Exposure to ServiceNow IRM or similar GRC platforms (good to have)

SKILLS/CHARACTERISTICS:

• Strong understanding of information security, technology risk, and emerging risk domains, including AI‑related risks
• Knowledge of GRC practices, control frameworks, and regulatory expectations
• Experience with GRC tools (e.g., ServiceNow IRM - good to have)
• Excellent analytical, documentation, and reporting skills
• Strong written, verbal, and presentation skills, with the ability to communicate effectively with senior management and cross‑functional teams
• Ability to translate technical security risks into clear business impact
• Individual contributor with strong analytical skills and a data-driven mindset

We are an equal opportunity employer with a commitment to diversity. All individuals, regardless of personal characteristics, are encouraged to apply. All qualified applicants will receive consideration for employment without regard to age, race, color, national origin, ancestry, sex, sexual orientation, gender, gender identity, gender expression, marital status, pregnancy, religion, physical or mental disability, military or veteran status, genetic information, or any other status protected by applicable state or local law.