IT Risk Management Senior Analyst Position Available In Mecklenburg, North Carolina

IT Risk Management Senior Analyst
30 Hudson Street, Jersey City, New Jersey, US, 07302; Charlotte, North Carolina
10877
Hybrid
Information Technology
Apply Now
Job Description

IT RISK MANAGEMENT SENIOR ANALYST

WHAT

IS THE OPPORTUNITY?

“The IT Risk Senior Analyst is a subject-area specialist with specialized training, methods and analytic techniques to create recommendations and directions for cyber risk mitigation in a complex technical environment. Focus areas of IT Control assessment by the ITRM Security Senior Analyst includes fit for purpose review and challenges and process/risk/control (PRC) reviews to evaluate and overall control program effectiveness in mitigating risk. The ITRM Senior Analyst’s goal to create actionable information for IT and business leadership, and to provide objective assessment of cyber security risks for auditors, regulators and external parties. This requires routinely performing review and challenge reviews agains 1LOD testing practices specific to T&I controls, authoring detailed reports and gathering metrics ensure stakeholders receive accurate and complete information. The ITRM Senior Anlayst keeps abreast of external cyber security trends, technologies and cyber risk management approaches, and often works with other teams on cyber risk-related initiatives to provide subject-matter recommendations and guidance to achieve a posture within the bank’s overall risk appetite. This is an advanced senior professional with wide ranging experience uses professional concepts and to resolve complex issues in creative and effective ways. Serves as an expert in own discipline or area of specializationWorks on complex issues where analysis of situations or data requires an in-depth evaluation of variable factors”

WHAT WILL YOU DO?

Perform fit for purpose review and challenges specific to IT (T&I) controls tested by 1LOD Testing team
Provide guidance to 1LOD colleagues to ensure testing practices meet internal standards.
Support regulatory requirements and deliverables as needed
Define analysis objectives, collect data from internal and external sources, and evaluate/analyze data to provide objective information on cyber risks for IT and business management with both summary and detailed reporting
Assess risk within subject specialty area to evaluate the design and effectiveness of security controls
Partner with external partners, vendors, law enforcement, and intelligence community as applicable to fulfill reporting and information sharing requirements, and collecting information required for comprehensive risk analysis and assessment
Create new and maintain process and procedural documentation for various risk analysis and risk assessment activities; Highlight industry-based methodologies, techniques or standards (FAIR, NIST, FFIEC, etc.) used as the basis for analysis efforts
Publish routine, accurate risk analysis and assessment reports as defined by organizational risk policies and procedures to applicable audiences for each subject area discipline
Participate in other projects and duties as needed or requested

WHAT DO YOU NEED TO SUCCEED?

Required Qualifications
Bachelor’s Degree or equivalent
Minimum of 12 years’ experience in Information/Cyber Security field
Minimum of 6 years’ experience in cyber security operations, incident response, IT risk management or investigations
Additional Qualifications
Demonstrated experience analyzing IT control testing attributes and evidence to properly evaluate and conclude control effectiveness Demonstrated knowledge of cyber security landscape — threats, trends, technologies
Demonstrated knowledge of financial regulation and control frameworks applicable to cyber security or IT risk
Excellent communication and interpersonal skills. Including a strong ability to create positive and professional business relationships with internal clients.
Strong commitment to working as a team and providing excellent customer service.
Exposure to banking or equivalent highly controlled technology environment is preferred
Masters’ degree in business, computer science or related field preferred
Security certifications (CISSP, GSEC, etc.) are highly desired.
Demonstrated experience with Industry or subject specific analysis or assessment frameworks is highly desired (FAIR, NIST CSF, etc.)
Experience in banking/financial industry is strongly preferred
Formalized training in cyber security analysis or assessment techniques

WHAT’S IN IT FOR YOU?

Compensation
Starting base salary: $92,114 – $156,880 per year. Exact compensation may vary based on skills, experience, and location. This job is eligible for bonus and/or commissions.