Information Security Risk Analyst

United Financial Bank

Hartford, CT

Industry: Accounting, Finance & Insurance


Less than 5 years

Posted 52 days ago

This job is no longer available.


United Bank is seeking an Information Security Risk Analyst to join our busy team in Hartford, CT. The Information Security Risk Analyst supports the information risk identification and management process across all aspects of Information Technology for United Bank. Responsibilities include assessing current threats to information stored in systems maintained by the Bank and the Bank’s vendors and then calculating the impact of potential adverse events.

This position works with members of the Risk and Information Security Teams, project teams and business units (internal and external to the IT function), and ensures compliance with information security and IT policies and standards and related regulations, within the Bank’s risk appetite.


The Information Security Risk Analyst uses knowledge and experience to examine systems and procedures to identify risk leading to potential adverse events. Analysis will include a clear description of the risk and its likelihood and business impact. From this, mitigation plans are developed and reported to management for response (mitigating actions or risk acceptance).

Essential functions involve risk identification, risk measurement, risk mitigation, risk monitoring and risk reporting. The position has responsibility to:

  • Document and maintain the Bank’s IT/IS risk assessment methodology based on industry IT risk assessment frameworks (e.g. NIST, FFIEC Cybersecurity Assessment, COBIT, etc.);
  • Perform IT, cybersecurity, vendor, process, etc. risk assessments;
  • Assess applicable threats and their likelihood and potential impact to confidential information and/or business operations;
  • Work together with Information Security team members to understand current vulnerabilities or weaknesses in systems;
  • Assess adequacy of controls to protect sensitive information systems;
  • Recommend mitigating controls to management to reduce identified risk;
  • Work with Internal Audit Department to validate/test control effectiveness;
  • Work closely with IT project teams and effectively communicate information security requirements for new products and services;
  • Work with the Information Security and IT teams in support of the bank-wide Data Loss Prevention strategy;
  • As an advocate of information security, work closely and proactively with IT project team leaders and business units to provide security-related technical solutions. Identify opportunities to improve business practices or IT security-related processes;
  • Analyze, recommend and implement process improvements within the information security department, and outside of the department, where applicable;
  • Assist in developing cybersecurity awareness training material;
  • Assist in identifying breaches in the Bank’s security or tracking the source of an unauthorized intrusion, as assigned.


All employees are subject to the requirements of the United Bank BSA Program. An employee’s role with United Bank determines which parts of the program apply. However, all employees are responsible for reporting suspicious activity identified in the course of their work, and all employees are responsible for the timely completion of mandatory compliance training assigned, such as BSA and OFAC.

The above duties may not be all-inclusive. The incumbent may be asked or required to perform other work as time and abilities allow.


Judgment: The position requires considerable knowledge of information security, information technology, the Bank’s Information Security Program, applicable policies and section 501(b) of the Gramm-Leach-Bliley Act. Judgment and initiative are required in translating authoritative guidance into practice, in staying abreast of emerging threats and corresponding solutions and in management reporting.

Complexity: The complexity of duties and responsibilities of this position ranges from moderate to high, requiring technical expertise, an understanding of risk management and internal controls, and excellent communication skills.

Impact of Errors: Errors or mishandling of security-related events may result in significant expense, financial loss, and/or damage to the Bank’s reputation.

Interpersonal Relationships: Work involves daily interaction with IT and management and requires strong verbal and written communication skills, persuasiveness and confidence. The position requires the ability to support arguments with facts. The position involves frequent communications with peers, staff members, all levels of management, auditors, examiners, and vendors and requires persuasiveness, discretion, initiative, and diplomacy.


Education: Bachelor’s degree in an IT or Information Security-related discipline or in risk management. Professional certifications (e.g. CISSP, CISA, CRISC, etc.) preferred.

Experience: Three or more years of experience in Information Security, Risk Management, IT Audit or IT at a regulated institution, preferably at a Bank.

Knowledge, Abilities, and Skills:

  • Expertise in technology and information risk assessments and identifying technology and internal controls necessary to mitigate risk.
  • Excellent written and verbal communication skills.
  • In-depth understanding of IT risk management and risk assessment concepts.
  • Knowledgeable about technical security standards such as NIST, STIG, ISO, COBIT, COSO and other authoritative guidance such as FFIEC IT Handbooks and GLBA section 501(b).
  • Excellent computer aptitude and skills.
  • Articulate, persuasive, diplomatic, and discreet in working with all levels of Bank staff and management, third parties and in representing United Bank to auditors and examiners.

Physical Requirements: Ability to communicate effectively and distill complex situations through presentations and individual discussions with managers, employees and vendors. Eyesight and hearing at a level that does not interfere with responsibilities. Mobility to move within the Bank.

Desirable Qualifications:

  • Experience writing executive-level reports;
  • Information security or IT certification(s);
  • Advanced skills in Microsoft Office, including Access;
  • Courses in leadership, cybersecurity, incident response, PowerPoint, Excel.