Technology Risk Analyst

About The Position

Requirements

• Ability to work independently, interpreting ideas and facts.
• Ability to analyze and interpret federal and state laws and/or regulations.
• Strong sense of collaboration and ability to develop positive relationships with all levels of management and key business stakeholders.
• Strong written communication skills.
• Ability to make effective presentations in a group setting.
• Ability to effectively communicate complicated problems to non-technical staff.
• Maintain a high level of confidence and integrity in order to provide independent judgment and privacy of customer and company information.
• Intermediate knowledge of the Microsoft Office Suite items, including Excel, Outlook, PowerPoint and Word.
• Knowledge of risk management software is required.

Nice To Haves

• Strong knowledge of LogicManager specifically.
• A Bachelor’s degree in a related field (Computer Science, IT Security, or Risk Management, etc.) is preferred, or equivalent practical experience.
• Exposure to third-party risk or risk management (such as internships, coursework, or professional experience) is helpful.
• Experience in a financial institution is preferred but not required.

Responsibilities

• Coordinates with business areas/vendor owners and assist with new third-party vendor onboarding reviews and with continued due diligence reviews based on vendor risk rating. Set review dates, tracks review progress, ensure appropriate documentation is maintained and follows up with the vendor/business area as needed.
• Review and evaluate the adequacy of reports received for critical and essential vendor oversight to ensure exceptions are resolved, impact analyses are performed, and control considerations are addressed by business areas.
• Monitors Google alerts for Critical and Essential vendors in the event of an acquisition or data breach.
• Retrieve quarterly OFAC reports for the Financial Investigation Department.
• Collaborates with Accounts Payable to onboard new vendors through the new vendors report.
• Works collaboratively with business areas to analyze new and renewing vendor contract terms and provides recommended changes to be in line with policy.
• Oversee the Bank’s Information Technology Risk Assessment process in close collaboration with IT Security.
• Works with System Owners to identify and understand the applications the Bank uses.
• Reviews application risk assessments and is responsible for identifying, analyzing, monitoring, reporting, and minimizing information technology risks.
• Facilities AI reviews for applications that leverage AI with IT Security.
• Provides administrative oversight for application-specific security.
• Works closely with System Owners to understand the applications the Bank uses and to keep application security forms up to date.
• Ensures User Access Reviews, Generic User Reviews, Independent User Access Reviews, Independent Admin Activity Reviews, and Quarterly Password Changes are completed in line with the Network Security Program.
• When application-specific exemptions arise, works with IT Security to appropriately report and approve exemptions.
• Creates, updates, and generates procedures and reports for Vendor management and Applications management to be in line with banks policies.
• Perform policy reviews during the Annual Corporate Policy review process for applicable policies.
• Communicates results/recommendations/issues for any third-party vendor/application effectively to all levels of management.
• Generates monthly reports and memos for Risk Management Committee.
• Develops and maintains a “system of truth” that identifies employee access to applications.
• Assists managers in identifying access levels that need to be removed when roles change or terminate.
• Performs periodic reviews of the GLBA, Authentication & Access to FI Services and Systems, and other risk assessments.
• Works closely with business areas and IT Security to ensure reviews are completed in alignment with guidance and key controls are monitored appropriately.
• Assists impacted departments with creating action and remediation plans.
• Manages the onboarding and off-boarding of vendors and applications in LogicManager.
• Supports the management of the centralized third-party risk management platform.
• Provides support, education, and training to staff to build vendor and application risk awareness within the company.
• Assist in audit, compliance, and pre-exam requests for vendor and application due diligence documents.
• Responsible for building long-lasting relationships with customers, community and colleagues through the embodiment of our Core Values: Integrity, Service, Teamwork, Excellence and Prosperity.
• Other job duties, as assigned.

Benefits

• Medical, dental and vision insurance
• a 401(k) Plan with a generous employer contribution plus match
• Income protection benefits
• Educational assistance and tuition reimbursement benefits
• Remote work and flexible scheduling options
• Generous total paid time off