Analyst, IT Risk Management

Raymond James · Memphis, TN
1d · Hybrid

About The Position

Conducts IT risk assessments, evaluates controls, and provides feedback to management and process owners on the design and effectiveness of Technology control processes. Implements and maintains ongoing programs and processes to test the design and operational effectiveness of IT controls. Responsible for ensuring IT assurance and compliance-related activities are completed in accordance with industry standards and regulatory requirements. Builds and maintains "Trusted Advisor" status as a foundation for achieving influence and obtaining a commitment from IT teams. Performs threat-based risk assessments to understand how new/emerging threats could impact the firm, and makes remediation recommendations. Utilizes escalation channels, avoiding over- and under-escalation. Is the primary on the most complex or escalated issues and may provide direction and guidance to team members. Applies specialized business knowledge and technical skills to significant deliverables and projects that involve multiple IT departments and business units and have enterprise impact. Is able to make judgments and recommendations based on the analysis and interpretation of data.

This position follows our hybrid workstyle policy: Expected to be in a Raymond James office location a minimum of 10-12 days a month.

Please note: This role is not eligible for Work Visa sponsorship, either currently or in the future.

Requirements

  • Minimum of a Bachelor’s degree in Computer Science, Cybersecurity, MIS or a related field and three to five (3-5) years of relevant experience in auditing or risk assessment, or a combination of education, training and experience.
  • Knowledge of FFIEC CAT or other security frameworks
  • Familiarity with Enterprise Risk Management concepts and processes
  • Experience interfacing with Internal Audit and regulators
  • Executive-level briefing and communication skills
  • Organization skills and precise attention to detail
  • Effective in managing, influencing and negotiating with senior stakeholders within IT, Internal Audit, and Regulators.
  • Experience in enterprise risk management concepts and risk assessments.
  • Experience within a highly regulated environment like Financial Services required.
  • May occasionally work a non-standard shift including nights and/or weekends and/or have on-call responsibilities.
  • Advanced knowledge of the following:
      • IT controls and risks sufficient to identify and evaluate control effectiveness and identify gaps between risks and controls.
      • Recognized IT control frameworks and standards (e.g., COBIT, ITIL, and ISO 17799).
      • Accepted industry audit and control standards (e.g., AICPA, ISACA).
      • State and federal information protection and control-related legislation (e.g., GLBA, SOXA 404, SB 1386, HIPAA, etc.).
  • Technical skills and proficiency in a wide array of platforms and systems (e.g., Windows, UNIX, SQL, Tandem).

Nice To Haves

  • Experience with ServiceNow platform, IBM OpenPages
  • Experience with regulatory exams and audits (FINRA, FRB, OCC, SEC, etc.) is a strong plus.
  • Industry-recognized certifications preferred but not required

Responsibilities

  • Responsible for IT Functional Business Unit Risk Manager (BURM) duties
  • Maintain the IT risk register, EITRB deck, ORMC/Risk Committee of the BoD decks, issues management, CRI Profile adherence, and Key Risk Indicator (KRI) submissions.
  • Seeks understanding of risks and procedures sufficient to understand the reasons for tasks being performed.
  • Serves as a senior information risk and control advisor, participating in IT processes and activities (e.g., planning, systems development and product selection, etc.).
  • Advises process owners on the design and implementation of IT controls (manual and automated) into processes and systems using knowledge of risks and company objectives.
  • Identifies, implements, and maintains processes and tools to support assurance, compliance, and remediation tracking activities (e.g., testing, maintenance of controls documentation).
  • Maintains IT controls-related documentation (e.g., narratives, process flows, RCM) for simple to complex information systems in support of information assurance and compliance activities.
  • Develops and uses basic interview techniques and participates in facilitated risk identification sessions.
  • Analyzes controls for adequacy of design and performs and/or supports control assurance testing activities.
  • Assists IT process owners in the creation and maintenance of IT policies and procedures to support information assurance and regulatory compliance activities, by providing input on control objectives and activities.
  • Works closely with internal and external auditors, regulators, and examiners, including coordination and compilation of technology documentation requests, reports, and assurance letters to ensure IT compliance.
  • Performs other duties and responsibilities as assigned.