As an IT Risk Analyst III, you will be a member of the bank’s Information Security organization. This position performs complex documentation, data gathering, and analysis to support the Information Technology (“IT”) department of the Bank. The role identifies and implements technical solutions that ensure the information security of Bank data. The analyst also determines business requirements and establishes suitable processes while ensuring compliance with all applicable regulations, policies and standards. The position facilitates audits, evaluation, and testing of the internal control system to identify and mitigate IT risk. The role implements upgrades and process improvements. Finally, the analyst assists management with special projects and may occasionally oversee less experienced analysts.
- Governance, Risk and Compliance - Provides oversight of information security services including but not limited to suggesting and monitoring key indicators, guiding management in making risk-based decisions, and driving compliance of information security policies and standards.
- Security Assessments - Supports information technology (IT) and information security risk assessments. Conducts IT control testing of systems to determine effectiveness. Aids audits, business partners, and third-party risk assessments and control testing as necessary. Assists with the development of technical business solutions that address information security risks.
- Business Support - Supports business functions by responding to inquiries, identifying issues, and providing education, awareness, training and communication of information security policies and standards. Assists in resolving escalated and complex technical matters. Serves as an expert resource to associates, management, and business units. Provides business continuity support and leads the incident response for information security and non-system based incidents.
- Data Analysis - Sources, compiles, and interprets data. Performs requirement gathering sessions and other methods of sourcing data. Analyzes relevant business, regulatory, process, and system information to determine the effectiveness of the internal control system. Utilizes results of analysis in process development and reporting. May assist with data management initiatives.
- Reporting - Produces reports based on the results of analysis as well as identified discrepancies, inquiries, or risks. Documents and tests methods or procedures that support business processes. Conveys information to the appropriate parties.
Bachelor's degree and 6 years of systems engineering, networking or information security technology experience.
High School Diploma or GED and 10 years of systems engineering, networking or information security technology experience.
- Working knowledge of standard risk management/control frameworks such as NIST, COBIT, and ISO.
- Active listening and assimilation of information skills.
- Ability to travel as needed.
- Ability to think critically and effectively solve problems.
- Analytical skills - data.
- Communication skills - verbal and written.
- Detail and deadline oriented.
- Applicable certifications, e.g., CISSP, CRISC, CISA.