Senior Cyber Security Risk & Controls Analyst
About The Position
This remote position supports cybersecurity governance by performing risk and control self-assessments (RCSAs), evaluating cybersecurity controls, and supporting key risk management processes. The role helps identify risk and control gaps, assess cyber risks, and recommends improvements to strengthen the organizations cyber posture. The position provides risk analysis, documentation, and control development support across cybersecurity teams, acting as a resource for process owners and contributing to continuous improvement initiatives.
Requirements
- Bachelor's Degree and 8 years of experience in Information security, cybersecurity, risk management, or a related field OR High School Diploma or GED and 12 years of experience in Information security, cybersecurity, risk management, or a related field
- Experience performing risk assessments, RCSAs, or controls testing
- Working knowledge of cybersecurity processes, controls and risk concepts
- Familiarity with frameworks such as NIST CSF, NIST SP 800-53
- Ability to write clear, actionable control statements and assessment findings
- Strong analytical, documentation, and communications skills
- Ability to work collaboratively with technical and non-technical stakeholders
Nice To Haves
- 4-7 years of experience in Information or cyber security risk or control assessment
- Experience supporting cybersecurity programs within a financial institution or regulated environment
- Certifications such as Security+, SSCP, CISA, CISM, CISSP, CRISC
- Understanding of threat landscapes, IT processes, and common control frameworks
- Experience supporting process improvements, control rationalization, or evidence evaluation
Responsibilities
- Execute cybersecurity process level RCSAs in partnership with business function owners and stakeholders
- Document risk and controls assessment results, risk ratings, and supporting evidence in accordance with Enterprise Risk Standards
- Draft, update, and refine control risk and control statements to ensure clarity, effectiveness, and alignment with cybersecurity processes
- Review existing risks and controls for design effectiveness, identifying gaps, inconsistencies, or opportunities for improvements
- Partner with business function owners to periodically update inherent and residual risk ratings for process level risks
- Assist cybersecurity teams with updating control effectiveness and control environment ratings on a regular cadence
- Evaluate cybersecurity risks and controls against Enterprise Policies and Standards, regulatory requirements, and industry standards
- Support remediation planning by documenting gaps, improvement recommendations, and target-state control enhancements
- Participate in projects, assessments, or escalated tasks requiring risk and control expertise
Benefits
- Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates.
- More information can be found at https://jobs.firstcitizens.com/benefits.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Industry
Credit Intermediation and Related Activities
Number of Employees
5,001-10,000 employees
