IT Risk Analyst

About The Position

Requirements

• Bachelor's degree, preferably in Accounting, Cybersecurity (Information Assurance), Computer Science, Information Technology, or similar
• 2-4 years of internal or external technology audit or risk assessment experience, including design assessment and control operating effectiveness testing
• Financial services industry experience, or previous history of successfully navigating a highly regulated and matrixed environment
• Detail oriented with the ability to examine and evaluate processes, controls, and issues to contribute to the successful and appropriate assessment of risk, while understanding how this applies to the holistic performance of the company
• Articulate and support responses to audit or other types of findings
• Ability to both work independently and collaborate effectively within a broader team and organization
• Excellent verbal and written communication skills, including the ability to effectively participate in discussions and meetings with internal management, key stakeholders, team members, and other groups involved in the technology risk assessment process
• Basic project and time management skills and ability to meet deadlines

Nice To Haves

• Exposure to risk frameworks such as NIST, CIS, COBIT, or ISO preferred
• CRISC, IT Risk Assessment/ Audit, CISSP, CISA, CISM or other industry-recognized risk and information assurance certifications preferred

Responsibilities

• Assist with the development and enhancement of Bank-wide technology risk assessment programs, by way of understanding regulations, rules, and requirements to which the Bank is subject, assessing risk against those standards, assessing control design against specified risks, and executing control operating effectiveness testing to determine overall control effectiveness as it relates to specific risks
• Conduct application and device risk assessments to gather risk specific information about technology applications and across various infrastructure components (network, storage, voice, etc.) to allow for risk assessment, design assessment, and control operating effectiveness testing
• Conduct initial interviews/walkthroughs with key stakeholders to establish understanding of controls that exist within the application or process to ensure that relevant controls are accurately documented and inventoried
• Frequent close collaboration with a wide range of stakeholders, both IT and non-IT, to perform the IT Risk Analyst’s duties, including walkthroughs, evidence gathering, and testing
• Partner with key stakeholders to identify and assess proposed plans to remediate identified issues and/or deficiencies and provide relevant input
• Participate in communications between IT/IS and the levying entity to serve as point of contact for issues handling (as agreed upon)
• In conjunction with the rest of the team, inform key stakeholders of assessment results based on the procedures performed, and the impact those results have on the Bank
• Document work performed, including supporting evidence, and results thereof in the Bank’s system of record
• Participate in the continuous improvement efforts of the IT Risk Assessment Team to enhance the risk assessment process and continue adding value to the overall program
• Demonstrate a proactive mindset for security education, awareness, and the IT environment

Benefits

• competitive compensation with performance‑based incentive awards
• health and dental insurance
• a 401(k) and DC retirement plan
• LTD and life insurance
• paid vacation
• day care reimbursement
• tuition assistance for undergraduate and graduate programs
• an award‑winning wellness program