Information Security Senior Analyst

PrimeLending, Irving, TX

About The Position

Hilltop Holdings is looking for an Information Security Senior Analyst! Reporting to the Information Security Risk Director, the Information Security (IS) Senior Analyst is a critical second line of defense role driving Hilltop Holdings to understand, implement and regularly validate compliance with information technology and information security control and risk management practices that meet regulatory, contractual and company policy obligations. This position will ensure the implementation and operation of the information technology and information security control and risk management function while shaping the processes and practices and establishing the controls and compliance culture. This position will support the GRC Governance, Third Party Risk and Compliance processes, manage risk, ensure critical controls are implemented and operating effectively, and ultimately help reduce corporate Technology & Operations department, corporate and Line of Business risk. The Information Security Senior Analyst is a key member of the Information Security Risk team. This team is responsible for the risk assessment, planning and evaluation of IT general controls, SOX controls and reporting, and NIST 800-53 controls including execution of the annual cyber risk assessment of the Information Security Program and implementing and maintaining the Information Security risk register. The position provides broad exposure to various levels of management, including senior leaders in Internal Audit, Finance, Human Resources, Marketing/Sales, Vendor Risk Management, Information Security, Information Technology, and Legal along with Line of Business senior leaders. The Information Security Senior Analyst will manage day-to-day efforts of the GRC Controls and Risk team.
Activities will include evaluating findings, providing recommendations to Technology leaders, assisting in remediation planning and tracking, supporting definition of GRC automation needs including reporting requirements, maintaining the control framework (library, applicability and control plan updates), leading control assurance testing, regularly interacting with control owners, and assisting in compliance awareness efforts while supporting compliance obligations as required.

Requirements

  • Minimum BA/BS or equivalent work experience in audit, security assurance, management information systems or a related field preferred
  • Work experience in GRC areas preferred (e.g. risk management, compliance & regulation, controls automation, continuous controls monitoring and security)
  • 5+ years of governance risk and compliance (GRC) or related security experience
  • Ability to manage projects across multiple teams or groups (strong organization skills)
  • Strong attention to detail in evaluating the completion of various project phases
  • Ability to prioritize assigned work and complete activities in a timely manner
  • Excellent written and oral communication skills, and the ability to clearly communicate requirements to a wide range of individuals
  • Ability to work independently and in a team environment
  • Proficiency with Word, Excel, and PowerPoint (required)
  • Pursue opportunities to develop existing and new skills outside of comfort zone
  • Focus on building trusted relationships

Nice To Haves

  • Proficiency with AuditBoard (Optro) (preferred)
  • Industry-relevant certification (CISA, CRISC, etc.) within one year

Responsibilities

  • Leading the ITGC controls testing in alignment with company, customer, and regulatory obligations
  • Provide guidance and oversight to control owners in handling audit findings and remediation, compliance, controls, assurance testing plans, testing results and overall challenges
  • Ensure control testing deficiencies are properly documented with action plans implemented for timely remediation.
  • Identify and prioritize improvements in control and risk processes, including automation vs manual processes
  • Provide support in determining training/education needs (based on interaction with control plan owners)
  • Support the ongoing evaluation of cybersecurity capabilities to determine the maturity and effectiveness of capability implementation using various cybersecurity and IT Risk frameworks (NIST, ISO, COBIT, CIS, etc.).
  • Collaborate with stakeholders and internal business partners to assess cyber risk and evaluate the design and effectiveness of cybersecurity controls within the line of business.
  • Lead staff interviews, evidence collection, and surveys (where applicable), review business process descriptions, analyze business and workflow.
  • Aggregate and evaluate risks, develop and maintain a risk register, perform risk analysis and quantification to enumerate top risks and provide risk reporting
  • Maintain strong knowledge of the regulatory requirements and core cyber security and risk practices/standards by participating in professional associations, attending educational workshops, reviewing professional publications, and self-learning opportunities.
  • Participate in risk and other management forums and contribute to continuous improvement of cyber risk practices