IT Systems Risk Analyst

United Fidelity Bank
Colorado Springs, IN
Onsite

About The Position

It's fun to work at a company where people truly BELIEVE in what they're doing! We're committed to bringing passion and customer focus to the business.

The IT Systems Risk Analyst is responsible for the identification, evaluation, and assessment of cybersecurity risks affecting United Fidelity Bank systems – including hardware, software, and networking system architectures – from threats and vulnerabilities to inefficient configurations and setups. The incumbent will work closely with other functional area subject matter experts (Enterprise Risk Management, Compliance, Audit, and Information Technology) to understand, develop, and maintain United Fidelity Bank’s internal systems risk areas.

United Fidelity Bank, situated in Indiana’s third-largest city (Evansville, IN), is a future-focused financial institution. With 23 locations nationwide and approximately $6 billion in assets, we’re working hard to transform our business through innovation and technology to provide products and services that help people secure their financial future. We build talented and diverse teams to drive business results. We recognize that our associates are our strength and the talents they bring to the UFB workforce are directly linked to our success. Collective ambition, innovative thinking, and a commitment to our value of doing what’s right set us apart from the rest. United Fidelity Bank was built on a solid foundation of trust. We are advocates for our associates, customers, and the communities we serve.

Requirements

  • Demonstrable knowledge of analyzing threats and vulnerabilities for inherent and residual risk.
  • Working knowledge of regulatory compliance frameworks, e.g., GLBA, FFIEC, or similar.
  • Thorough understanding of technology frameworks, e.g., NIST CSF 2.0, CIS, COBIT or similar.
  • Understanding of the contemporary information security threat landscape and how to protect against it via industry best practice policies, standards, and written guidance.
  • Knowledge of cybersecurity EDR tools, risk remediation, and governance processes.
  • General knowledge of security systems, e.g., firewalls, IDS, WAF, NAC, and net communications.
  • Understanding of data loss prevention, threat protection, group policy, and anti-malware tools.
  • Knowledge of cloud infrastructure, virtual platforms, encryption technologies, endpoint protection, network systems such as routers, load balancers, mail transport systems and cybersecurity.
  • Clear and concise written and verbal communication skills.
  • Analytical, multi-tasking, hypothetical modeling, and critical thinking skills.
  • Experience working with cross-functional leaders and stakeholders to devise risk mitigation plans and implement cybersecurity risk controls before evaluating their effectiveness.
  • Proficiency with Microsoft Office Suite (Excel, Outlook, PowerPoint, Teams, SharePoint, and Word).
  • 4+ years’ work experience in systems administration, cybersecurity, GRC, or Risk.

Nice To Haves

  • Bachelor’s degree in a compositional, technical, or security field.
  • Experience in using risk management platforms such as Optro, AuditBoard, or Archer.
  • Security (Sec+, CySA+, CISSP, CEH) or GRC (CRISC, CGRC) certification(s).
  • Banking industry experience.

Responsibilities

  • Works closely with the IT GRC Manager, IT department stakeholders, and leadership for all duties.
  • Produces articles, case studies, blogs, white papers and presentations on the latest technology and cybersecurity incidents, threats, trends, and techniques for employee consumption.
  • Leverages Threat & Vulnerability Intelligence Sources to identify and evaluate potential Cybersecurity Risks to the Bank.
  • Conducts formal Risk Assessments using CIA / IL and other risk frameworks.
  • Develops Cybersecurity Risk Controls and Mitigation Plans for IT Risks and evaluates their implementation and mapping objectives.
  • Conducts comprehensive risk assessments for the Bank’s technology assets, including hardware, software, and networking assets within the Bank’s Source of Record.
  • Reviews CIS Level I Configuration reports and analyses to assess risks and gaps associated with departmental configuration initiatives.
  • Taps industry accepted vulnerability databases cross-referenced with the Bank’s systems and assets to create priority plans for the most severe threats.
  • Assists in reviewing, editing, and maintaining existing IT Risk documentation, controls, and mitigations, which can become outdated or factually inaccurate as new technologies emerge.
  • Contributes to internal system and asset Business Impact Analysis (BIA) from an IT risk perspective.
  • Measures risks against the Bank’s risk tolerance and reviews control expirations and compensations.
  • Reviews JML (Joiner/Mover/Leaver) Control health in the Bank’s internal systems.
  • Coordinates with Vendor Management concerning EULA Licensure of IT vendors.
  • Classifies vital statistics and data sensitivity labeling for IT systems.
  • Assists with BC/DR (Business Continuity/Disaster Recovery) testing and documentation.
  • Works with auditors and regulators for annual and/or bi-annual risk reviews.
  • Participates in Change Advisory as needed.
  • Performs all duties in relation to the Bank Secrecy Act under the guidance of the BSA Officer.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

101-250 employees
