Responsibilities include ensuring compliance with regulatory requirements, managing interactions with regulators, and overseeing remediation activities. This role involves end-to-end ownership of information security related regulatory exams, from pre-planning three to four months out through fieldwork and close out. Pre-planning includes bringing all stakeholders together, setting expectations, surfacing gaps and areas of regulatory focus, and building the right stakeholder list. During “field work”, orchestrating and collecting evidence and responses from multiple groups, getting regulator questions answered, and ensuring complete and high-quality submissions. The role also involves translating regulatory language into actionable execution for stakeholders and providing executive level reporting including KRIs, dashboards, and status updates. Ensuring consistency of responses across regulators so that the bank is not giving conflicting answers to similar requests is also a key part of the role. This position participates on complex, comprehensive or large projects and initiatives and acts as a lead expert resource in technology controls / information security for project teams, the business / organization and/or outside vendors. The analyst will have advanced knowledge of organization, technology controls / security/ risk issues and will guide partners on a broad range of specific Technology Controls and Information Security programs, policies, standards, and incidents. The role includes conducting risk assessment, required controls definition, control procedure appropriateness, vulnerability assessments and any other relevant areas. It also involves leading or contributing to the completion of risk and control design assessments for an assigned business application, business portfolio, and overall enterprise, as well as risk mitigation and remediation plans and remediation strategy. Contributing to the definition, development, and oversight of a global security management strategy and framework is also required. Ensuring technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology and security threats against our business is crucial. Developing on-going technology risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for own area, and influencing behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise are also key aspects of this position.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed