Information Security GRC Analyst

About The Position

Requirements

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, a related discipline, or equivalent combined education and related work experience.
• Minimum of 2 years of experience in an information security or risk management role.
• Experience in one or more of the following domains: security and risk management, asset security, security architecture and engineering, communications and network security, identity and access management, security assessment and testing, security operations, and software development security.
• Direct experience in information systems auditing or risk management preferred.
• Experience with the practical application of security control and risk management frameworks (NIST, FFIEC, CRI, ISO).
• Experience in creating and maintaining policies and procedures documents.
• Demonstrated ability to successfully execute initiatives in complex and highly regulated environments.
• Banking or financial services industry experience strongly preferred.

Nice To Haves

• Professional certifications including CISSP, CGRC, CCSP, CISA, CISM, CRISC, or certifications through GIAC or CompTIA.
• Familiarity with Payment Card Industry - Data Security Standard (PCI-DSS); Health Insurance Portability and Accountability Act (HIPAA); and the Center for Internet Security (CIS) benchmarks.

Responsibilities

• Provide supplementary expertise, consulting, analysis, assessments, and reports to management and cross-functional teams to improve the efficiency and effectiveness of cybersecurity risk management activities.
• Perform structured framework-oriented assessments to evaluate risks introduced through software, interconnections, systems, and processes delivered by both the organization and third-party providers.
• Assess and document the effectiveness of cybersecurity safeguards to identify deficiencies in organizational and third-party software, networks, systems, and processes regarding legal and regulatory requirements and cybersecurity standards.
• Propose suitable mitigation strategies and verify the effectiveness of remediation plans.
• Offer cybersecurity advisement and develop documentation to enhance the organization's risk governance procedures.
• Assess cybersecurity policies and procedures to ensure they comply with laws, regulatory requirements, and the organization's risk tolerance, and suggest enhancements.
• Support the creation of strategies for measuring and monitoring risk, compliance, and assurance.
• Stay current with new technologies and best practices relative to information security and privacy disciplines.
• Regularly monitor and communicate emerging industry developments and changes to federal, state, and industry laws and regulations.
• Continuously expand understanding of new technologies and best practices in the security and privacy disciplines.
• Exhibit sound business judgment, build trust, and provide practical security analysis while utilizing data-driven business cases to advocate for prudent security investments that enhance security controls and processes.
• Support the continuous improvement of the Bank's Information Security Team and promote a culture of innovation and accountability.
• Perform additional duties as required.