Sr. Security Risk Analyst

Job Title: Sr. Risk Analyst 

Location: Remote 

Position Description: 

Reporting to the Business Information Security Officer (BISO) the Senior Information Security Risk Analyst will lead specific information security risk management related activities that protect its clients while complying with applicable regulations and policies. The Senior Information Security Risk Analyst provides subject matter expertise and leadership to improve the organizations security policies and security risk management processes by establishing a framework of controls so that the Bank can manage risk meet regulatory compliance and maintain governance over all aspects of IT. The Senior Information Security Risk Analyst will have responsibilities to ensure that identifies risks and treats them in a timely manner while reporting the current level of exposure to known threats. The role includes implementation and maintenance of policies as well as training and awareness plus vendor risk management responsibilities. The position requires experience of information security risk management in a regulated environment using industry standard risk and control frameworks. This role will work closely with Enterprise Risk Management (ERM) leaders.

 Position Accountabilities

• Lead all audit prep and response across InfoSec and IT. Coordinate response to Internal Audit document requests stage content and conduct reviews for completeness.
• Support Controls Policy Standards and Procedures maturity program for InfoSec and IT to meet mandatory FFIEC SOX requirements and a threat/risk-based controls program buildout.
• Perform security risk analysis with the goal of identifying risk and elevating the companys security posture.
• Serve as a subject matter expert and trusted advisor as part of establishing relationships to support risk-based decision making across business IT and the broader stakeholder community at the Bank.
• Contribute to Information Security reports for Technology and Third-Party Risk Committee (TTRC) Cybersecurity Working Group (CSWG) and Operational Risk Committee as necessary.
• Lead efforts to track and remediate risk when those risks are determined to have a threat to the Banks safety soundness or reputation. Track risks and issues and ensure their on-schedule remediation in alignment with the ERM issues management process.
• Establish and maintain processes for managing security-related audits control assessments compliance checks and external assessments across Business IT and Information Security. Ensure timely and complete responses to evidence requests and compile management responses and remediation plans as needed.
• Emphasize the application of privacy security business resiliency and compliance frameworks including but not limited to FFIEC (Federal Financial Institutions Examination Council) Sarbanes-Oxley (SOX) Gramm-Leach-Bliley Act (GLBA) Service Organization Controls (SOC) 2 PCI-DSS and ITIL V3/4 processes.
• Evaluate risk and controls by executing targeted testing of processes.
• Develop and publish policy standards and procedures for implementation based on the Banks risk appetite industry best practice guidance and based on a detailed knowledge of the regulatory and stakeholder requirements.
• Track and ensure all policies standards and procedures are updated timely.
• Collaborate with the ERM team to design and maintain a risk and controls matrix mapped to applicable regulatory and selected framework controls and in alignment with the agreed risk appetite.
• Participate in the vendor risk assessment process and provide security risk assessment services and contract reviews to ensure that third parties meet the Banks information security control requirements.
• Support cyber training and awareness program Cyber Tabletop exercises Red Team Exercises penetration testing and ensure all findings are addressed timely via the risk issue management process.
• Establish and lead a metrics program designed to track key risks and key performance indicators across the cyber security program and report them regularly to information security management and business leadership.
• Lead the configuration integration and optimization of Governance Risk and Compliance (GRC) platforms such as RSA Archer ServiceNow and similar tools to support risk assessments control monitoring issue tracking and regulatory reporting.

Organizational Relationship

This assignment reports to the Business Information Security Officer (BISO).

Qualifications :

Education & Experience:

• Between 6 - 10 years experience in one or more information security roles including security risk analysis and control design compliance and risk management security control process assurance or audit of technology controls
• Bachelors degree in information security Computer Science Management of Information Systems or related field required. Masters degree in a related field is an advantage.
• Professional security risk management certification is required such as a Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) Certified Information Systems Auditor (CISA) Certified in Risk and Information Systems Control (CRISC) or other similar credentials.

Knowledge & Skills:

• Proven experience configuring managing and optimizing RSA Archer solutions with a strong understanding of GRC frameworks and integration of risk data across multiple business units.
• Proficient in GRC platforms including RSA Archer ServiceNow and other risk management tools. Experienced in automating workflows building dashboards and supporting enterprise risk and compliance programs.
• Demonstrated deep background (preferred 4 years) in risk treatment controls selection and information security controls process design.
• Demonstrated knowledge of IT infrastructure cloud (SaaS IaaS) and application security technology and related controls and products is required.
• Direct hands-on experience with information security policies standards and industry leading practices in a regulated financial services environment is essential.
• Demonstrated experience working directly with internal audit and regulator teams to satisfy audit requests present evidence and provide management responses to findings that are identified during the audit or assessment.
• Demonstrated experience with security processes and technology solutions that align with controls for FFIEC SOX Section 404 ISO 27001/2 Center for Internet Security (CIS) Critical Security Controls (CSC) or National Institute of Standards and Technology (NIST) 800-53 guidelines is preferred.
• Experience applying the FFIEC Cybersecurity Assessment Tool (CAT) Tool in a banking environment is preferred.
• Track record of delivering security governance risk and compliance projects under tight deadlines.

o   Capable of working with diverse teams and promoting a positive enterprise-wide security culture.

o   Demonstrated project management multitasking and organizational skills.

o   Detail-oriented with excellent written and verbal communication skills interpersonal and collaborative skills

o   Self-driven and able to work in an agile team within a large enterprise organization as well as independently.

o   High level of personal integrity high degree of initiative dependability and ability to work with limited supervision.

Additional Information :

Thanks & Regards 

Praveen Kumar

Sr. Recruiter

Zillion Technologies Inc

E-mail: praveen(at)zilliontechnologies(dot)com 

Phone:  

Remote Work :

Yes

Employment Type :

Full-time