Lead IT Risk Control Analyst

City National Bank
Charlotte, NC
17h
$100,000 - $170,000

About The Position

The Lead IT Risk Analyst is a subject-area specialist with specialized training, methods, and analytic techniques to create recommendations and directions for IT risk mitigation in a complex technical environment. As the Lead IT Risk Analyst, you will be responsible for overseeing ongoing compliance with City National Bank and regulatory requirements including, but not limited to, implementation of risk management policies and procedures to ensure that the organization's IT infrastructure and data remain secure and compliant with regulatory requirements. This role involves identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and supporting the organization's risk management strategy. Focus areas of compliance assessment by the Lead IT Risk Analyst include third party security and overall IT program effectiveness in mitigating risk.

The Lead IT Risk Analyst's goal is to create actionable information for IT and business leadership, and to provide objective assessments of risks for auditors, regulators, and external parties. This requires routinely authoring detailed reports and gathering metrics, ensuring stakeholders receive accurate and complete information. The Lead IT Risk Analyst keeps abreast of industry trends, technologies and cyber risk management approaches, and regulatory changes, and often collaborates with other teams on IT risk-related initiatives to provide subject-matter recommendations and guidance to achieve a posture within the bank's overall risk appetite.

The Lead IT Risk Analyst serves as an expert in their area of specialization. This role is a working lead that provides functional guidance and may coordinate or supervise the daily activities of individual contributors or working teams in areas of specialization. The role also provides input on resource planning, procedure creation and content.

As the Lead IT Risk Analyst, you will play a crucial role in safeguarding the digital assets and technological infrastructure of City National Bank. This position involves leading the development, implementation, and management of risk management practices that address the specific technical risks and regulatory requirements unique to the financial sector.

Requirements

  • Bachelor's Degree or equivalent
  • Minimum of 12 years’ experience in Information/Cyber Security field
  • Minimum 10 years of information security monitoring and response or related experience.
  • Minimum of 3 years’ experience managing or coordinating resources such as people or projects
  • Demonstrated experience analyzing complex Information Security data sets within subject area specialty.
  • Demonstrated knowledge of Information Security landscape -- threats, trends, technologies.
  • Demonstrated knowledge of financial regulation and control frameworks applicable to cyber security or IT risk.
  • Excellent communication and interpersonal skills, including a strong ability to create positive and professional business relationships with internal clients.
  • Strong commitment to working as a team and providing excellent customer service.
  • Exposure to banking or equivalent highly controlled technology environment is preferred.
  • Proven experience in managing compliance with financial industry regulations and standards.
  • Strong analytical skills to triage identified security vulnerabilities and risks, and to design and implement effective mitigation strategies, are preferred.
  • Excellent communication skills, capable of effectively engaging and influencing various stakeholders from IT security technicians to executive management.
  • Strong understanding of network infrastructure, database security, and data protection technologies is preferred.
  • Experience with risk assessment tools, technologies, and methods.
  • Familiarity with third party risk management and SOC reports.
  • Minimum 2 years audit and assessment engagement management experience.
  • Proficiency in creating and maintaining policies and compliance documentation.
  • Familiarity with industry standards and frameworks such as ISO 27001, NIST, COBIT, and GDPR.
  • Excellent communication, analytical, and organizational skills.
  • Represents basic qualifications for the position. To be considered for this position, you must at least meet the required qualifications.

Nice To Haves

  • Master’s degree in business, computer science or related field preferred.
  • Professional certifications (CPA, CISA, CISM, CISSP, GSEC, etc.) are highly desired.
  • Demonstrated experience with Industry or subject specific analysis or assessment frameworks is highly desired (FAIR, NIST CSF, etc.).
  • Experience in banking/financial industry is strongly preferred.
  • Formalized training in cyber security analysis or assessment techniques.
  • Big 4 experience is highly preferred.

Responsibilities

  • The role supports CNB IT in the creation of analytics & reporting to enhance senior management’s ability to anticipate and manage risks effectively.
  • Manage the development and execution of first line risk management reporting including setting direction, goals and management awareness of risk and controls.
  • Develop and execute end-to-end change management of processes to gather and analyze relevant information.
  • Leads the development and execution of processes to support the delivery of Risk Management reporting including the support of audience stakeholder groups.
  • Lead analysis and documentation of information to support risk drivers & metrics.
  • Assess risk within subject specialty area to evaluate the design and effectiveness of IT controls.
  • Provide insight and guidance to IT software and hardware upgrades and other projects to ensure production environments meet and exceed minimum IT and security standards.
  • Partner with external partners and vendors, as applicable, to fulfill reporting and information sharing requirements, and to collect information required for comprehensive risk analysis and assessment.
  • Create new and maintain process and procedural documentation for various risk analysis and risk assessment activities.
  • Highlight industry-based methodologies, techniques, or standards (FAIR, NIST, FFIEC, CSA, etc.) used as the basis for analysis efforts.
  • Publish routine, accurate risk analysis and assessment reports as defined by organizational risk policies and procedures to applicable audiences for each subject area discipline.
  • Participate in other IT risk support projects and duties as needed or requested.
  • Develop and implement a comprehensive IT risk management framework tailored to the needs of the banking/financial technology environment.
  • Conduct thorough risk assessments to identify vulnerabilities and evaluate risk in the context of financial sector threats and compliance mandates.
  • Work closely with IT, security, and compliance departments to align risk management strategies with business objectives and regulatory obligations.
  • Monitor and report on the effectiveness of risk mitigation and the compliance of IT systems with internal requirements as well as established industry standards such as PCI-DSS, FFIEC, GLBA, etc.
  • Develop and oversee a training program for employees on effective risk management and compliance requirements to foster a risk-aware culture.
  • Stay abreast of emerging security threats, technologies, and potential impacts on the financial services industry.
  • Develop and maintain a comprehensive IT risk management program to ensure the integrity, confidentiality, and availability of information owned, controlled, or processed by the organization.
  • Conduct risk assessments to identify vulnerabilities, assess potential impacts, and determine appropriate measures to manage risks effectively.
  • Collaborate with IT and security teams to implement risk mitigation strategies and solutions.
  • Monitor and report on compliance with IT/security policies, as well as the effectiveness of the controls and requirements.
  • Provide training and guidance to staff on risk management and operational process hygiene.
  • Stay informed about the latest control challenges and regulatory changes that may affect the organization.

Benefits

  • Comprehensive healthcare coverage, including Medical, Dental and Vision plans, available the first of the month following start date
  • Generous 401(k) company matching contribution
  • Career Development through Tuition Reimbursement and other internal upskilling and training resources
  • Valued Time Away benefits including vacation, sick and volunteer time
  • Specialized health and family planning benefits including fertility benefits, and cancer, diabetes and musculoskeletal support programs
  • Career Mobility support from a dedicated recruitment team
  • Colleague Resource Groups to support networking and community engagement