Cybersecurity Risk And Controls Senior Analyst
Dallas, Texas, United States - Remote
Applications have closed
JOB DESCRIPTION
The Governance, Risk, and Compliance (GRC) Sr. Cybersecurity Risk Analyst is responsible for performing assessments of the Bank’s information security controls through inspections of policies and evidence of security and cyber-resiliency controls to validate operational effectiveness and identify gaps. Responsible for coordinating, developing, and managing controlling workflow activities and deadlines; maintaining, organizing, and gathering information. Collaborates with colleagues, management, and business partners to identify risks within the Bank to enhance the security controls and protect the Bank’s sensitive data.
- Maintain methodology and facilitate execution of inherent and residual IT application risk assessments and other technology risk assessments.
- Oversee/challenge risk control self-assessments (RCSAs) for risks related to the achievement of cybersecurity objectives.
- Maintain the technology- and information-related risk management framework/taxonomy, including identification and reporting of IT risks and Key Risk Indicators (KRIs) and ensure integration with Enterprise Risk Management (ERM) framework.
- Ensures work effort dependencies, assumptions, risks and issues are defined, documented and communicated to the appropriate lead and/or stakeholder.
- Leads risk assessments to identify risks to security and cyber resiliency controls. Documents overall effectiveness of operational controls within the Bank.
- Track and report Cybersecurity maturity against NIST Cybersecurity Framework (CSF) and FFIEC CAT.
- Directs, counsels, and instructs Jr. Analysts assigned to assist on GRC projects and reviews their work for technical proficiency, reasonableness and adequacy of documentation.
- Reviews internal and external security and technical processes (audit, vulnerability and penetration test results, cyber resiliency plans, etc.) to validate the effectiveness of operational controls.
Requirements
QUALIFICATIONS
EDUCATION
- Bachelor's Degree in Business, Computer Science, Information Assurance, Management Information Systems or related field
WORK EXPERIENCE
- 7 years in Risk Management, Business Analytics, Information Security, IT Audit, or related field.
- Prior IT audit experience in public accounting or internal audit preferred
SKILLS
- CISA, CISM, CRISC or CISSP certification(s) required
- Strong written and verbal communication skills for report writing, business requirement proposals, technical policies, and methodology documentation.
- Sound interpersonal, negotiation, and influencing skills; ability to facilitate discussions around complex issues and bring them to resolution
- Solid analytical and problem-solving skills coupled with thoroughness and attention to detail are highly desired.
- Good understanding of industry practices and metric reporting fundamentals.
- Ability to adjust to rapidly changing security environment, prioritize deliverables and manage workflow.
- Ability to exercise sound judgment and make effective recommendations to management
- Ability to optimize and condense information and transform data into easily understandable concepts.
- Solid understanding of financial industry, risk management, and/or corporate security.
- Basic technical skills in MS Excel, PowerPoint, Word, and Project
- Knowledgeable in various cybersecurity areas such as: Identity and Access Management, Threat Intelligence, Vulnerability Management, Information Risk and Governance, Security Architecture, Monitoring, Incident Response, Security Strategy, and Cyber Resiliency.
- Strong knowledge of security controls for the handling of Personally Identifiable Information (PII) data, regulations and security compliance requirements affecting financial institutions (FFIEC/GLBA)
- Strong knowledge of NIST CSF highly desired.
Benefits
Tags: Analytics Audits CISA CISM CISSP Compliance Computer Science CRISC Governance IAM Incident response Monitoring NIST Risk assessment Risk management Security strategy Strategy Threat intelligence Vulnerability management