**If you are a current FIB employee, please apply through the Career Worklet in the Employee PortalThis position may be located at any of First Interstate Bank's offices in Idaho, Iowa, Missouri, Montana, Nebraska, Oregon, South Dakota, or Wyoming.
SUMMARYThe IT Risk Analyst II is responsible for measuring and identifying technical risks within First Interstate Bank's (FIB) infrastructure and third-party solutions. This position is also responsible for performing testing to validate systems and application security configurations continue to meet industry and FIB architecture and security standards, establishing and leveraging risk metrics and dashboards to continuously assess and report on technical risk, and providing guidance on IT security architecture and configurations based on the risks and controls evaluated.
ESSENTIAL DUTIES AND RESPONSIBILITIES- Leverages technical knowledge to assist in developing and enhancing cyber and information security policies, procedures, and standards.
- Works with Enterprise Architecture to assist in developing and enhancing the information security architecture standards and IT security technology roadmaps.
- Researches and evaluates proposed new technologies and platforms to ensure the appropriate technical security controls are specified in the requirements and are in alignment with the security reference architecture and security controls framework.
- Provides security consulting on projects to ensure solutions are designed in accordance with security architecture and that security configurations are properly implemented.
- Performs technical security assessments against FIB's existing infrastructure and products to ensure compliance with security architecture, policies, standards, procedures, and industry best practices.
- Monitors and matures the risk-based IT security metrics, scorecards, and dashboards to track cybersecurity performance and trends across the organization.
- Assists the business in identifying root causes and develops mitigation for deficiencies.
- Works with various groups during product upgrades or new product design to ensure security best practices are implemented.
- Performs technical reviews of third-party cyber and information risk.
- Researches emerging technologies in support of security enhancement and development efforts.
QUALIFICATIONSTo perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
KNOWLEDGE, SKILLS AND ABILITIES- Knowledge of concepts and principles in information security functional areas such as cloud security, firewalls and security mediation services, identity and access management, industry standard security frameworks, security controls, and compliance frameworks.
- Strong oral, written, and interpersonal communication skills resulting in the ability to interface with managers and staff at all levels within the organization.
- Strong communication skills with all levels of the business and the ability to leverage knowledge of the appropriate approach and degree of detail for each.
- Remain up to date with emerging threats, best practices, and relevant frameworks, guidance, and legislation.
- Capable of managing varied assignments and working independently.
- Ability to define problems, collect data, establish facts, and draw valid conclusions.
- Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.
- Experience with methods used in performing risk analyses and assessments and measuring cybersecurity compliance.
- Experience maintaining and updating documentation necessary for supporting security environments, including policies, standards, patterns, and reference architectures.
- Experience in working with compliance and regulatory program requirements.
EDUCATION AND/OR EXPERIENCE- Bachelor's Degree in a related field required
- 4-6 years experience in IT security audit, architecture, engineer, risk monitoring, and/or equivalent combination of education and experience required
LICENSES AND CERTIFICATIONS- CISSP - Certified Information Systems Security Professional preferred
- CISA - Certified Information Systems Auditor preferred
- CEH - Certified Ethical Hacker preferred
- CCSP - Certified Cloud Security Professional preferred
- GSEC - GIAC Security Essentials Certification preferred
- GISP - GIAC Information Security Professional preferred
PHYSICAL DEMANDS AND WORKING ENVIRONMENTThe physical demands and work environment are representative of those that must be met or encountered to successfully perform the essential functions of the job.
- Dexterity of hands/fingers to operate computer keyboard and mouse - Frequently
- Lifting - Occasionally (up to 50 lbs)
- Sitting - Frequently
- Standing - Occasionally
- Noise Level - Moderate
- Typical Work Hours - M-F (8-5)
- Regular and Predictable Attendance - Required
**If you are a current FIB employee, please apply through the Career Worklet in the Employee Portal 
