Risk Analyst - IT, Cyber Risk & Assurance

About The Position

Requirements

• At least 3 years of working experience in IT controls testing, IT Risk, IT Audit and/or Cybersecurity positions; or in consulting IT/Cyber role with a broad view of Information Technology or Information Security controls.
• Working Knowledge of IT and cyber frameworks and financial institutions laws and regulations (E.g. NIST, COBIT, FFIEC, etc.). Experience defining, reviewing and documenting IT / Cyber policies and procedures.
• Excellent analytical skills to identify situations, look for alternatives and make good decisions. Medium to Advance Knowledge in Excel is preferred
• Excellent written and verbal communication in English and Spanish
• Critical thinking ability.
• Excellent organizational skills are required to establish priorities, multitask, work under pressure, and meet deadlines.
• Excellent interpersonal skills and teamwork.
• Proficient in Microsoft Office: Word, Excel, PowerPoint, and Outlook

Nice To Haves

• IT or Cyber certifications preferred (e.g. CISA, CISM, CISSP, CGEIT, CRISC, etc)

Responsibilities

• Support the development and maintenance of the IT & Cyber Risk and Control Matrix in alignment with regulatory requirement and industry best practices dictated by frameworks such as NIST, COBIT, FFIEC, CCM, and others.
• Prepare, generate, and provide materials (e.g., risk scorecards, dashboards, dashboards, and metrics required for various Risk Committees, Senior Management Team and Executives by the required due dates.
• Monitor compliance with mitigation and remediation plans adopted by the Cybersecurity and IT business units.
• Review and provide second line effective challenge on policies, standards, risk acceptances and escalations, and control implementations related to the IT and Cybersecurity domain to ensure alignment with the IT & Cyber Risk and Control Matrix.
• Provides guidance and assistance in the execution of the IT & Cybersecurity Risk and Control Self-Assessments (RCSAs), translates control deficiencies into action plans and provides recommendations to Management on how to better enhance controls.
• Support Management in regulatory interactions by coordinating meetings, preparing and reviewing documentation and meeting materials, and facilitating onsite meetings.
• Develop and conduct training to business unit's liaisons on the various Cybersecurity and IT topics.
• Develop, calculate, and review key risk indicators and other reporting metrics while defining data quality and integrity checks over the data.
• Perform trends analysis to identify potential issues and perform root cause analysis to provide recommendations to Management on how to better manage their IT & Cyber risk posture.