Senior IT GRC Analyst

About The Position

Requirements

• 7-10 years of experience in or a combination of information security, IT audit, or information technology operations.
• ServiceNow IRM/GRC experience to design/optimize workflow, reporting and implementing new features.
• Knowledge of risk management processes including internal audit and information security management.
• Experience evaluating controls relative to information security frameworks such as ISO 27002, NIST 800 series, or financial services regulatory frameworks such as the FFIEC IT booklets and Cybersecurity Assessment Tool (CAT).
• Knowledge of systems and network concepts including: access, authorization, configuration, and design.
• Demonstrated understanding of information security concepts including: encryption, access controls, network security, security operations, security architect, threat modeling and design.
• Knowledge of applicable regulatory requirements including PCI DSS, GLBA and HIPAA.
• Ability to operate in a cross-functional environment, build, and foster relationships with other departments and stakeholders.
• Ability to anticipate and respond to changing priorities and operate effectively in a dynamic demand-based environment, requiring extreme flexibility and responsiveness.

Nice To Haves

• Bachelor's Degree in computer science or equivalent (preferred)

Responsibilities

• Lead Cybersecurity and IT governance, risk, and compliance efforts.
• Establish and maintain IT operating model.
• Facilitate the development of technology policies and standards.
• Maintain governance documentation detailing how information should be secured.
• Maintain and develop internal process/procedure documentation including technology and cybersecurity policies and standards.
• Perform formal risk analysis and self-assessments for technology processes using industry frameworks/standards like NIST CSF, FFIEC, CIS, ITIL, and COBIT.
• Develop new and analyze existing internal technology and security controls.
• Ensure compliance with documented and approved standards and frameworks.
• Ensure information systems comply with company policies, standards, and procedures.
• Provide advisory and subject-matter expertise to technology teams and business units for cybersecurity compliance readiness.
• Track and monitor gaps in the cybersecurity program.
• Maintain cybersecurity gap analysis documents.
• Gather information from technology and lines of business to identify areas to improve banking practices.
• Manage end-to-end issue management activities in ServiceNow.
• Coordinate SOX IT Audit activities, serving as the primary liaison between audit and technology stakeholders.
• Lead the process to identify new assets and perform risk evaluation.
• Facilitate and liaise with technology leaders and key corporate risk groups.
• Demonstrate compliance with all bank regulations for assigned job function.
• Keep up to date on regulation changes.
• Follow all Bank policies and procedures, compliance regulations, and complete all required training.
• Maintain a working knowledge of Bank's written policies and procedures regarding Bank Secrecy Act, Regulation CC, Regulation E, Bank Security and other regulations.
• May be asked to coach, mentor, or train others and teach coursework as subject matter expert.
• Actively learn, demonstrate, and foster the Columbia corporate culture.
• Take personal initiative and be a positive example for others to emulate.
• Embrace the vision to become “Business Bank of Choice”.
• May perform other duties as assigned.

Benefits

• Comprehensive healthcare coverage (medical, dental, and vision plans)
• 401(k)-retirement savings plan with employer match
• Employee assistance program
• Life insurance
• Disability insurance
• Tuition assistance
• Mental health resources
• Identity theft protection
• Legal support
• Auto and home insurance
• Pet insurance
• Access to an online discount marketplace
• Paid vacation
• Sick days
• Volunteer days
• Holidays