Principal/Senior Technology Risk Analyst

Posted Yesterday
Be an Early Applicant
Boston, MA, USA
In-Office
160K-180K Annually
Senior level
Insurance
The Role
Lead identification, assessment, and monitoring of IT risks; maintain risk register; run RCSAs; define KRIs/KPIs and dashboards; perform vendor risk reviews; validate remediation; assess AI risks; educate teams and support global IT risk requests.
Summary Generated by Built In

Who are we? 


A strategic and trusted insurance partner, Berkshire Hathaway Specialty Insurance (BHSI), provides a broad range of commercial property, casualty and specialty insurance coverages and outstanding service to customers and brokers around the world. Part of Berkshire Hathaway’s insurance operations, we bring our solutions to market with our stellar brand name, top-rated balance sheet, and the expertise of our global team of professionals, who exude excellent capabilities and strong character.


We are a values-based organization where respect, integrity, excellence, collaboration, and passion define who we are and how we do business. We value diversity of backgrounIds, experience, and perspectives and strive to foster an inclusive environment that enables all our team members to bring their best selves to work. We are one team committed to building a culture where every teammate has the opportunity to contribute and be recognized. Want to be part of the team building the finest property, casualty and specialty lines insurance company in the world?


Learn more about our unique culture and history.


Job Opportunity: 

 

Berkshire Hathaway Specialty Insurance (BHSI) has an exciting opportunity for a new team member to join their Boston-based Technology Governance Risk Audit & Compliance (GRAC) team as a Technology Senior Risk Analyst. In this newly created role, the Technology Senior Risk Analyst will support and mature the Technology Risk Management pillar, ensuring technology risks are proactively identified, assessed, communicated, and monitored across the enterprise. This role will build strong partnerships with Technology leadership and collaborate closely with teams across BHSI to evaluate our Technology risk posture, provide independent challenge, and recommend practical risk‑reducing actions aligned with our established risk appetite. If you're passionate about elevating enterprise Technology risk practices, driving meaningful change, and growing your career as a key contributor to our evolving global IT risk program, we’re interested in speaking with you.


Duties & Responsibilities:

 

  • Lead risk identification, risk assessment, and ongoing monitoring; maintain the Technology risk register and ensure risks map to business objectives and risk appetite/tolerances.
  • Drive Risk and Control SelfAssessments (RCAs) with different risk and control owners; advise on control design for identity & access, change/release, resiliency/DR, cloud security, data protection, and vulnerability management.
  • Define and socialize KRIs/KPIs, risk dashboards, trends, and heat maps; deliver clear status to Technology leadership, and key stakeholders.
  • Partner with Vendor Risk Management Team to evaluate critical vendors (including AIenabled services), review SOC reports/certifications, assess control gaps, and track remediation/compensating controls through closure.
  • Track risk issues, action plans, and target dates; validate remediation and retest where needed; participate in lessonslearned and scenario exercises.
  • Provide support to our offices from both a U.S. and global perspective (i.e., Asia, Middle East, UK, Europe, Australasia, etc.) regarding the fulfillment of Technology risk related requests and obligations.
  • Assess AI/automation use cases for explainability, privacy, security, and bias risk; ensure appropriate documentation, monitoring, and governance are in place.
  • Educate teams on risk expectations, evidence quality, and the “why” behind controls; help embed risk thinking into delivery and operations.
  • Attend/participate in e-learning training sessions to increase background knowledge of the ever-evolving Technology regulatory landscape.

 

Qualifications, Skills and Experience:

 

  • 10+ years of experience in Technology risk, Technology audit/compliance, or cyber GRC.
  • Experience running RCSAs, defining KRIs/KPIs, and presenting risk insights to senior stakeholders.
  • Strong documentation skills, including writing risk narratives, control designs, control matrices, testing procedures, and remediation plans.
  • Effective communication and partnership skills; able to challenge constructively and receive challenge professionally.
  • Experience conducting vendor risk reviews, including SOC 2 analysis, control gap identification, and remediation followup.
  • Solid background knowledge of major risk and control frameworks (Technology, Cyber, Enterprise), such as NIST CSF, COSO ERM, COBIT, etc.
  • Working knowledge of U.S. Technology regulations (e.g., SOX, CCPA/CPRA, PCI, NYDFS) is recommended.
  • Familiarity with global regulatory frameworks (e.g., GDPR, CBI, DORA, MAS, APRA, BaFin) is preferred but not required.
  • Ability to work in a team-based environment and communicate effectively and efficiently with others domestically and globally.
  • Experience with GRC tools such as Workiva, AuditBoard, ServiceNow, Drata, Vanta, or similar platforms is a plus.
  • AI experience is a plus, including an understanding of AI risks, responsible AI concepts, or emerging AI regulatory requirements.
  • Professional certifications such as CRISC, CISA, CISM, CISSP, or ISO/IEC 27001 Lead Implementer/Lead Auditor (or equivalent) are a plus.


BHSI Offers:


  • A competitive package and exciting growth opportunities for career-oriented teammates.
  • A dynamic, action oriented, and thoughtful environment centered on always doing the right thing for our customers, teammates and our other stakeholders.
  • A purposely non-bureaucratic organization that embraces simplicity over complexity and emphasizes individual excellence in a team framework.
  • Benefits that support your life and well-being, which include:
    • Comprehensive Health, Dental and Vision benefits.
    • Disability Insurance (both short-term and long-term).
    • Life Insurance (for you and your family).
    • Accidental Death & Dismemberment Insurance (for you and your family).
    • Flexible Spending Accounts.
    • Health Reimbursement Account.
    • Employee Assistance Program.
    • Retirement Savings 401(k) Plan with Company Match.
    • Generous holiday and Paid Time Off.
    • Tuition Reimbursement.
    • Paid Parental Leave.


The base salary range for this position in Boston is $160,000.00 to $180,000.00, along with annual bonus eligibility. Total compensation for a candidate is determined by their relevant skills, location, and experience. We value our teammates – both their capabilities and character – as demonstrated by our amazing culture.


NOTE: Compensation will be commensurate with experience. This job description is not intended to be all-inclusive. Team Member may perform other related duties as negotiated to meet the ongoing needs of the organization.

Skills Required

  • 10+ years of experience in IT risk, IT audit/compliance, or cyber GRC.
  • Experience running RCSAs, defining KRIs/KPIs, and presenting risk insights to senior stakeholders.
  • Strong documentation skills (risk narratives, control designs, control matrices, testing procedures, remediation plans).
  • Effective communication and partnership skills; able to challenge constructively and receive challenge professionally.
  • Experience conducting vendor risk reviews, including SOC 2 analysis, control gap identification, and remediation follow-up.
  • Solid background knowledge of major risk and control frameworks (e.g., NIST CSF, COSO ERM, COBIT).
  • Working knowledge of U.S. IT regulations (e.g., SOX, CCPA/CPRA, PCI, NY-DFS).
  • Familiarity with global regulatory frameworks (e.g., GDPR, CBI, DORA, MAS, APRA, BaFin).
  • Ability to work in a team-based environment and communicate effectively with domestic and global colleagues.
  • Experience with GRC tools such as Workiva, AuditBoard, ServiceNow, Drata, Vanta, or similar platforms.
  • AI experience, including understanding AI risks or responsible AI concepts.
  • Professional certifications such as CRISC, CISA, CISM, CISSP, or ISO/IEC 27001 Lead Implementer/Lead Auditor.

Berkshire Hathaway Specialty Insurance Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Berkshire Hathaway Specialty Insurance and has not been reviewed or approved by Berkshire Hathaway Specialty Insurance.

  • Retirement Support Retirement support includes a 401(k) plan with matching contributions, which contributes to the overall value of the package. Performance bonuses are also described as part of the broader financial benefits offering.
  • Leave & Time Off Breadth Time-off provisions are framed as generous, with generous paid time off and company holidays included in the described package. Parental leave and a return-to-work program also add to the overall time-away coverage.
  • Fair & Transparent Compensation Pay is at times characterized as competitive or decent, and some roles include employer-provided salary ranges that help set expectations. This range disclosure suggests at least partial transparency depending on role and location.

Berkshire Hathaway Specialty Insurance Insights

Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Pittsfield, MA
1,492 Employees

What We Do

Berkshire Hathaway Specialty Insurance is an organization committed to providing long-term risk solutions and claims care to our customers backed by the financial strength of Berkshire Hathaway. We’re passionate about analyzing risk markets and tailoring insurance solutions that provide businesses with the flexibility they need to pursue opportunities. Accessibility, collaboration, responsibility, and integrity are at the core of how we conduct business. Ease of doing business is a priority, which means our teammates are empowered to collaborate and think creatively to achieve customer satisfaction. Our company culture puts a premium on responsiveness so we can get business done effectively, efficiently, and thoroughly. Come learn more about our products and services, our mission and our culture at www.bhspecialty.com. Follow us on Twitter at http://twitter.com/bhspecialty.

Similar Jobs

Citizens Logo Citizens

Senior Technology Risk Analyst – Monitoring and Testing

Digital Media • Fintech • Information Technology • Machine Learning • Financial Services • Cybersecurity • Automation
In-Office or Remote
2 Locations
17000 Employees

AMP Logo AMP

Director, Commercial Origination & Business Development

Artificial Intelligence • Computer Vision • Greentech • Machine Learning • Robotics • Industrial • Automation
Easy Apply
Remote or Hybrid
United States
175 Employees

PNC Bank Logo PNC Bank

Software Engineer

Machine Learning • Payments • Security • Software • Financial Services
Remote or Hybrid
USA
55000 Employees
88K-203K Annually

Wipfli Logo Wipfli

Manager, Financial Reporting - Nonprofit Clients

Cloud • Fintech • Software • Business Intelligence • Consulting • Financial Services
Remote or Hybrid
United States
3000 Employees
97K-145K Annually

Similar Companies Hiring

Globe Life Thumbnail
Insurance • Financial Services
McKinney, TX
3000 Employees
MassMutual India Thumbnail
Big Data • Fintech • Information Technology • Insurance • Financial Services
Hyderabad, Telangana
Granted Thumbnail
Mobile • Insurance • Healthtech • Financial Services • Artificial Intelligence
New York, New York
23 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account