Cyber Risk & Controls Analyst

About The Position

Requirements

• Bachelors degree and 6 years of experience in cybersecurity, risk management or a related field or High School Diploma or GED and 10 years of experience in cybersecurity, risk management or a related field
• Experience performing risk assessments and RCSAs for technology, information security or cybersecurity field
• Working knowledge of cybersecurity processes including appropriate risk, controls, and risk taxonomies
• Experience with frameworks such as NIST CSF, NIST SP 800-53 and mapping controls to such frameworks
• Ability to write clear, actionable risk and control descriptions and assessment findings
• Strong analytical, documentation, and communications skills with attention to detail
• Ability to work collaboratively with technical and non-technical stakeholders

Nice To Haves

• 6 years of direct experience in cybersecurity risk or risk and control assessment
• Experience supporting cybersecurity programs within a large financial institution or regulated environment
• Certifications such as Security+, SSCP, CISA, CISM, CISSP, CRISC
• Understanding of threat landscapes, IT processes, and common control frameworks
• Experience supporting process improvements, control rationalization, or evidence evaluation

Responsibilities

• Perform Cyber Risk Assessments including but not limited to information security standard exceptions risk assessments
• Support risk aggregation and reporting activities for Information Security Standard Exceptions
• Perform cybersecurity process level RCSAs in partnership with business function owners and stakeholders
• Implement risk and controls assessment results, risk ratings, and supporting evidence in accordance with Enterprise Risk Standards within system of record
• Draft, update, and refine control risk and control statements to ensure clarity, effectiveness, and alignment with cybersecurity processes
• Review existing risks and controls for design effectiveness, identifying gaps, inconsistencies, or opportunities for improvements
• Perform updates within system of record for inherent and residual risk ratings for process level risks
• Perform updates within system of record for control effectiveness and control environment ratings on a regular cadence
• Support evaluation of cybersecurity risks and controls against Enterprise Policies and Standards, regulatory requirements, and industry standards
• Support remediation planning by documenting gaps, improvement recommendations, and target-state control enhancements
• Participate in projects, assessments, or escalated tasks requiring risk and control expertise

Benefits

• Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. More information can be found at https://jobs.firstcitizens.com/benefits.