Risk Assessment Analyst – Extended Security Program
Cincinnati, OH (Remote)
Contract to Hire
Supports the execution of risk management programs for Information Technology and Information Security. Maintains a balance between increased efficiency and appropriate risk mitigation and controls for the Line of Business (LOB)/function in alignment with Risk Management vision and strategy and the LOB strategic plan. The Technology and Information Security Analyst provides oversight and credible challenge to LOB/functions and escalates concerns, as appropriate, in support of the Bank's Risk Management Framework.
This position is responsible for providing oversight and challenge to technology and information security activities. This position is responsible for hands-on execution of control/risk assessments and the development of control enhancement recommendations.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
- Supports the Information Security Extended Security Program team in the execution of responsibilities to conduct risk assessments, assist with self-assessment programs, perform technical research on information security and risk topics, and other activities that support information security risk management goals.
- Understands operational risk program elements (e.g. IT/CSRM, RCSA, BCRA, KRI) methodology, governance, standards, and procedures, including templates and overall framework.
- Understands the organizational structure and primary objectives of the LOBs supported.
- General understanding of key data privacy regulations (e.g. GLBA, PCI DSS, CCPA, GDPR).
- Ensure the operational risk appetite is understood by the business.
- Partner with LOB for risk issue identification, escalation, and resolution. Oversee the identification and documentation of operational processes, risks, and controls.
- Serve as resource and provide guidance to the LOB on risk management issues.
- Provide oversight of LOB risk program activities including, but not limited to, key risk indicators, risk control assessments, business change risk assessment, policy/guideline reviews, and third-party risk support.
- Performs periodic reviews of LOB procedures and provides guidance for new processes.
SUPERVISORY RESPONSIBILITIES: None
MINIMUM KNOWLEDGE, SKILLS AND ABILITIES REQUIRED
- 3 years of information technology experience required. Desired experience should include a foundation in IT security and controls. While experience in a number of IT disciplines may provide a solid framework for this position, hands-on results from performing IT risk assessments, information security consulting or IT audits are most beneficial.
- Relevant technical or professional certification, such as CISM, CRISC, CISA or CISSP, is a plus.
- Expertise in technology and security frameworks such as NIST, COBIT and ITIL is strongly desired.
- Bachelor's degree required, preferably in computer science or information systems.
- A clear understanding of the Bank's approach to the management of operational risk, or equivalent experience gained in other organizations, is preferred.
- Professional verbal and written communication skills and the ability to communicate with discretion and understanding when confidentiality is required.
- Must demonstrate intellectual curiosity, be analytical and possess the ability to interpret and apply policies and regulations across a complex business(es).
- A general understanding of banking regulations is a plus.
- Must be results and goal oriented, possess sound judgment and ability to apply logical/critical thought processes when approaching work or making recommendations for solutions.
- Ability to work in a dynamic work environment that requires multiple demands, shifting priorities, and rapid change.
- Must be able to maintain independence and objectivity in all aspects of position.
- Working knowledge of Microsoft Office products. Demonstrated ability to learn applications and internal banking systems.
Brooksource provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, national origin, age, sex, citizenship, disability, genetic information, gender, sexual orientation, gender identity, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state, and local laws.