Industry: Accounting, Finance & Insurance•
Less than 5 years
Posted 52 days ago
United Bank is seeking an Information Security Risk Analyst to join our busy team in Hartford, CT. The Information Security Risk Analyst supports the information risk identification and management process across all aspects of Information Technology for United Bank. Responsibilities include assessing current threats to information stored in systems maintained by the Bank and the Bank’s vendors and then calculating the impact of potential adverse events.
This position will work with members of the Risk and Information Security Teams, project teams and business units (internal and external to the IT function); and ensures compliance with information security and IT policies and standards, related regulations and within the Bank’s risk appetite.
ESSENTIAL FUNCTIONS of the POSITION:
The Information Security Risk Analyst uses knowledge and experience to examine systems and procedures to identify risk leading to potential adverse events. Analysis will include a clear description of the risk and its likelihood and business impact. From this, mitigation plans are developed and reported to management for response (mitigating actions or risk acceptance).
Essential functions involve risk identification, risk measurement, risk mitigation, risk monitoring and riskreporting. The position has responsibility to:
OTHER FUNCTIONS of the POSITION:
All employees are subject to the requirements of the United Bank BSA Program. An employee’s role with United Bank determines which parts of the program apply. However, all employees are responsible for reporting suspicious activity identified in the course of their work, and all employees are responsible for the timely completion of mandatory compliance training assigned, such as BSA and OFAC.
The above duties may not be all-inclusive. The incumbent may be asked or required to perform other work as time and abilities allow.
DISTINGUISHING CHARACTERISTICS of the POSITION:
Judgment: The position requires considerable knowledge of information security, information technology, the Bank’s Information Security Program, applicable policies and section 501(b) of the Gramm, Leach, Bliley Act. Judgment and initiative are required in translating authoritative guidance into practice, in staying abreast of emerging threats and corresponding solutions and in management reporting.
Complexity: The complexity of duties and responsibilities of this position ranges from moderate to high requiring technical expertise, understanding risk management and internal controls and possessing excellent communication skills.
Impact of Errors: Errors or mishandling of security-related events may result in significant expense, financial loss, and/or damage to the Bank’s reputation.
Interpersonal Relationships: Work involves daily interaction with IT and management and requires strong verbal and written communication skills, persuasiveness and confidence. The position requires the ability to support arguments with facts. The position involves frequent communications with peers, staff members, all levels of management, auditors, examiners, and vendors and requires persuasiveness, discretion, initiative, and diplomacy.
QUALIFICATIONS for the POSITION:
Education: Bachelor’s degree in an IT or Information Security-related discipline or in risk management. Professional certifications (e.g. CISSP, CISA, CRISC, etc.) preferred.
Experience: Three or more years of experience in Information Security, Risk Management, IT Audit or IT at a regulated institution, preferably at a Bank.
Knowledge, Abilities, and Skills:
Physical Requirements: Ability to communicate effectively and distill complex situations through presentations and individual discussions with managers, employees and vendors. Eyesight and hearing at a level that does not interfere with responsibilities, Mobility to move within the Bank.