Information Security, Technology & Resiliency Risk Analyst Sr

About The Position

Requirements

• Education level required: High School / High School Equivalency (GED, HiSET, TASC) / Foreign Equivalent. Business Management, Information Technology, Cybersecurity, or relevant field.
• Minimum experience required: 4+ years in an information technology, cybersecurity, business continuity, risk, audit, and/or compliance role
• Knowledge of core IS and cybersecurity controls (e.g. IAM, DLP, vulnerability management, security threat detection and response, networks, etc.).
• Exposure to technology platforms and processes (e.g. change management, IT asset management, system availability monitoring, Cloud computing technologies, DevSecOps, etc.
• Knowledge of business continuity and disaster recovery frameworks and processes (event scenarios, business impact analysis, recovery strategies, third party and supply chain implications, business process interdependency analysis, defining business work arounds, etc..).
• Strong knowledge of concepts and applicable interagency regulatory guidance (e.g. FFIEC).
• Knowledge of non-financial risk frameworks.
• Strong analytical skills with the ability to interpret data, draw conclusions, and formulate recommendations.
• Strong verbal and written communications skills.
• Ability to utilize advanced Excel functionality, create engaging and informative PowerPoint presentations, and work effectively in Word.
• Ability to provide outcome based risk oversight and challenge to first line risk management.
• Detail oriented with strong organizational skills, able to thrive in a fast-paced environment with multiple competing priorities at times.
• Demonstrates a strong ability to build and maintain effective relationships with stakeholders by communicating clearly, engaging in proactive collaboration, and leveraging cross functional insights.
• Aligns relationship building efforts with enterprise goals to accelerate performance and drive strategic results.
• Builds trusted client relationships, whether internal or external, by identifying needs and delivering tailored solutions to enhance the overall client experience.
• Fosters or supports a positive work culture and productive work environment, displaying importance of effective relationships with customers and stakeholders.

Nice To Haves

• Education level: Undergraduate Degree (4 years or equivalent)
• 2-3 years in a related function at a financial institution preferred
• Applicable technical, audit, enterprise risk, and/or compliance certifications and/or experience (e.g. CISSP, CISA, CRISC, etc.).
• Working knowledge of a GRC Risk Tool.
• Working knowledge of Microsoft Office tools, including excel, word, PowerPoint and Teams.

Responsibilities

• Provide independent, proactive oversight and challenge of Information Technology (including Cloud Computing), Cybersecurity, and Business Resilience capabilities at the Bank through execution of risk framework elements including RCSA, control assessment, issue management, incident reviews, targeted deep dives, key risk indicators and through embedded monitoring of relevant business functions and programs.
• Provide feedback to senior management in both first and second line of defense on risks, controls, testing, root cause analysis, remediation and reporting
• Assess and report on the Information Security and Resilience profile based on quantitative and qualitative risk measures including assessment of effectiveness of planned remediation/mitigation of excess risk exposure and compliance with key regulatory requirements.
• Performs special projects, and additional duties and responsibilities as required.
• Consistently adheres to regulatory and compliance policies and standards linked to the job as listed and complete required compliance trainings.
• Accountable to maintain compliance with applicable federal, state and local laws and regulations.

Benefits

• Flagstar provides teammates access to a variety of benefits including medical, dental, vision, life, and disability insurance, as well as a comprehensive leave program.