Job Title: Sr. IS Risk Management Analyst
Location: United States-IL-Chicago
What will your day look like?
You will be responsible for supporting Information Technology and Security (IT/S) Governance, Risk Management, and Compliance initiatives and projects. The incumbent will support requirements of the Risk Management program – identify, analyze, and facilitate decision-making and actioning on risks.
The Sr. Risk Management Analyst will focus mostly on Risk Management, as part of the Governance, Risk Management and Compliance (GRC) team, but will also assist in the other GRC areas of Governance and Compliance. They will ensure alignment with Enterprise Risk Management processes and organizational risk appetite. General direction is received from the Director, Governance, Risk Management and Compliance.
Do you see yourself doing this?
- Perform and lead risk management assessments and data security governance reviews for internal applications, infrastructure and service providers utilizing established IT risk assessment frameworks and assessment programs.
- Lead and assist in the execution of risk programs around FFIEC, NCUA, HIPAA, Privacy, NIST, and GLBA.
- Work closely with risk owners and stakeholders to gather required documents and address questions.
- Manage and execute projects to ensure design of controls that appropriately mitigate compliance/regulatory risks, including improving existing compliance/regulatory processes and controls.
- Prepare and present risk assessment findings, guide remediation plans and report on progress.
- Analyze and document findings, recommend and report program gaps to security leadership.
- Report key metrics including status of assessments, issue management, and risk management.
- Support timely remediation of regulatory and audit findings and recommendations.
- Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency and compliance frameworks.
- Support vendor due diligence to define third party risk management efforts.
- Maintain strong oversight of third parties, vendors and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.
- Assist with IT/S policies, standards, and procedures development and updates. Lead training and awareness sessions to explain the requirements to others.
- Identify organizational and regulatory requirements and draft the IT/S controls required to meet them.
- Participate in other security and audit compliance efforts.
- Interact with multiple cross functional teams to educate, train and address questions related to process, policies, controls and risk mitigation.
- Consider and promote continuous improvement in respective processes, controls and compliance certifications.
- Stay current and utilize industry standards and best practices to drive improvements in overall security posture.
- Learn, understand, utilize and administer our GRC platform.
Adhere to and ensure compliance of all business transactions with the policy and process of the Bank Secrecy Act. Ensure compliance with all applicable state and federal laws, company procedures and policies. Maintain integrity and ethics in all actions and conversations with or regarding credit union members and their accounts; comply with Privacy Act directives.
What makes you a great fit?
You’ll be a great fit if, in addition to a required Bachelor’s degree in Computer Science, MIS or a related field (or equivalent industry experience), you have:
- 7+ years of progressive experience in IT Governance, Risk Management, or Compliance (GRC) as a practitioner, with at least 2 years focused on IT Risk Management.
- Experience and understanding of various regulatory requirements and laws, including but not limited to FFIEC, NCUA, PCI, SOX, HIPAA, Privacy and GLBA.
- Experience in one or more of the following: ISO 27001/2, ITIL or NIST.
- Strong business acumen and proven ability to align with security practices and compliance responsibilities.
- Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business.
- Capacity to understand legacy and progressive technology and security controls along with respective risk.
- Self-motivated and well-organized, with the vision to position controls in anticipation of threats.
- Working knowledge of technologies such as cloud computing, DevOps and application security is required.
- Track record of acting with integrity, being inquisitive, adaptable, and communicating effectively.
- Preferred experience with cloud environments such as Amazon Web Services (AWS) and Microsoft Azure.
- Prior experience with leading GRC systems from vendors such as RSA, MetricStream, IBM or TruOps.
- Demonstrated problem-solving capabilities, and ability to manage complex local security requirements.
- Successful track record of managing external entities’ contracts and relationships, and mitigating risks to business development opportunities.
- Hold, or are working toward, one or more of the following Compliance, Risk Management, or Governance certifications: CRISC, CGEIT, CISM or CISA.
When you’re happy, we’re happy!
As a thank you for joining our team, you’ll benefit from:
- Competitive medical, dental, and free vision benefits
- Competitive compensation plan
- Contributions towards gym memberships
- Generous PTO and banking holidays off