Senior IT GRC Analyst

Columbia Bank
Hillsboro, OR
Onsite

About The Position

Responsible for leading Cybersecurity and IT governance, risk, and compliance efforts, including the establishment and maintenance of the IT operating model and facilitating the development of technology policies and standards. Maintain governance documentation detailing how information should be secured, including the maintenance and development of internal process/procedure documentation, including but not limited to technology and cybersecurity policies and standards. Perform formal risk analysis and self-assessments for technology processes, leveraging industry frameworks/standards like NIST CSF, FFIEC, CIS, ITIL, and COBIT to build a unique program for Columbia Bank.

Develop new and analyze existing internal technology and security controls to ensure compliance with documented and approved standards and frameworks. Ensure that information systems within the environment comply with company policies, standards, and procedures. Drive and provide advisory and subject-matter expertise to technology teams and business units for cybersecurity compliance readiness. Responsible for tracking and monitoring gaps in the cybersecurity program. Maintain cybersecurity gap analysis documents; gather necessary information from technology and lines of business to identify areas to improve banking practices.

Manage end-to-end issue management activities, including intake, validation, prioritization, assignment, remediation tracking, and closure of GRC-related issues in ServiceNow, ensuring timely resolution, appropriate evidence, and alignment with audit, risk, and regulatory expectations. Coordinate SOX IT Audit activities, serving as the primary liaison between audit (internal/external) and technology stakeholders to manage request intake, scope clarification, evidence collection, review, submission, issue tracking, status reporting to leadership, and timely resolution in support of audit deadlines and control effectiveness.

Lead the process to identify new assets and perform the risk evaluation process to determine the risk ranking. Facilitate and liaise with technology leaders and key corporate risk groups (including Internal Audit, External Audit, Corporate Compliance, Enterprise Risk Management, Legal) to ensure TAG is aligned with these groups and meeting obligations.

Demonstrates compliance with all bank regulations for assigned job function and applies to designated job responsibilities – knowledge may be gained through coursework and on-the-job training. Keeps up to date on regulation changes. Follows all Bank policies and procedures, compliance regulations, and completes all required annual or job-specific training. Maintain a working knowledge of Bank's written policies and procedures regarding Bank Secrecy Act, Regulation CC, Regulation E, Bank Security and other regulations as applicable to this job description. May be asked to coach, mentor, or train others and teach coursework as subject matter expert. Actively learns, demonstrates, and fosters the Columbia corporate culture in all actions and words. Takes personal initiative and is a positive example for others to emulate. Embraces our vision to become “Business Bank of Choice”. May perform other duties as assigned.

Requirements

  • 7-10 years of experience in information security, IT audit, or information technology operations.
  • ServiceNow IRM/GRC experience to design/optimize workflow, reporting and implementing new features.
  • Knowledge of risk management processes including internal audit and information security management.
  • Experience evaluating controls relative to information security frameworks such as ISO 27002, NIST 800 series, or financial services regulatory frameworks such as the FFIEC IT booklets and Cybersecurity Assessment Tool (CAT).
  • Knowledge of systems and network concepts including: access, authorization, configuration, and design.
  • Demonstrated understanding of information security concepts including: encryption, access controls, network security, security operations, security architecture, threat modeling and design.
  • Knowledge of applicable regulatory requirements including PCI DSS, GLBA and HIPAA.
  • Ability to operate in a cross-functional environment, build, and foster relationships with other departments and stakeholders.
  • Ability to anticipate and respond to changing priorities and operate effectively in a dynamic demand-based environment, requiring extreme flexibility and responsiveness.

Nice To Haves

  • Bachelor's Degree in computer science or equivalent (preferred)

Responsibilities

  • Lead Cybersecurity and IT governance, risk, and compliance efforts.
  • Establish and maintain IT operating model.
  • Facilitate the development of technology policies and standards.
  • Maintain governance documentation detailing how information should be secured.
  • Develop and maintain internal process/procedure documentation, including technology and cybersecurity policies and standards.
  • Perform formal risk analysis and self-assessments for technology processes using industry frameworks (NIST CSF, FFIEC, CIS, ITIL, COBIT).
  • Develop new and analyze existing internal technology and security controls for compliance.
  • Ensure information systems comply with company policies, standards, and procedures.
  • Provide advisory and subject-matter expertise to technology teams and business units for cybersecurity compliance readiness.
  • Track and monitor gaps in the cybersecurity program.
  • Maintain cybersecurity gap analysis documents and identify areas for improvement.
  • Manage end-to-end issue management activities in ServiceNow (intake, validation, prioritization, assignment, remediation tracking, closure).
  • Coordinate SOX IT Audit activities, serving as the liaison between audit and technology stakeholders.
  • Lead the process to identify new assets and perform risk evaluations.
  • Liaise with technology leaders and corporate risk groups (Internal Audit, External Audit, Corporate Compliance, Enterprise Risk Management, Legal).
  • Demonstrate compliance with all bank regulations and complete required training.
  • Keep up-to-date on regulation changes.
  • Maintain working knowledge of Bank's written policies and procedures regarding Bank Secrecy Act, Regulation CC, Regulation E, Bank Security, and other applicable regulations.
  • May coach, mentor, or train others as a subject matter expert.
  • Actively learn, demonstrate, and foster the Columbia corporate culture.
  • Take personal initiative and be a positive example.
  • Embrace the vision to become “Business Bank of Choice”.
  • May perform other duties as assigned.

Benefits

  • Comprehensive healthcare coverage (medical, dental, and vision plans)
  • 401(k) retirement savings plan with employer match
  • Employee assistance program
  • Life insurance
  • Disability insurance
  • Tuition assistance
  • Mental health resources
  • Identity theft protection
  • Legal support
  • Auto and home insurance
  • Pet insurance
  • Access to an online discount marketplace
  • Paid vacation
  • Sick days
  • Volunteer days
  • Holidays