IT Risk Analyst, 2nd Line Audit

Sr. Information Risk Analyst

Our Sr. Information Risk Analyst is responsible for the strategic development, implementation, and effective execution of the Information Risk Management (IRM) program. Key program elements include internal loss, external loss, risk assessment, business impact assessments, Key Risk Indicators (KRIs), scenario analysis & stress testing.

Essential Functions:

• Analyzes, measures IT process and control performance, monitors trends, defines limits according for Corporate Banking Op Risk exposures in accordance with the Risk Appetite
• Assist in the ongoing oversight of Operational Risk (OR) Framework and Information Risk Management (IRM) requirements in support of the first line of defense
• Contributes to escalation, reporting, communication to Risk Governance Forums
• Helps drive culture of risk awareness
• Participates in the creation and delivery of OR business-tailored training
• Supports the creation, management, and development of OR program strategy, policies and models within the Corporate Banking Business

Primary Skills:

• Technology Change and Release Management
• IT Configuration Management
• Network Operations and Security Management
• Security Logging and Monitoring
• Basic Technology Risk requirements – Review and analysis of security-related configuration and hardening standards for Windows, ESX, and RedHat servers, Windows laptops/desktops, SQL Server database and network technologies within the enterprise.
• Reviewing configuration and policies of Information Security Scanning Tools covering operating systems and databases.
• Review and challenge compliance metrics published by corporate-wide audience and prepare conclusions for review by IRM (Information Risk Management) and ORM (Operational Risk Management) and senior management.
• Review and verify compliance with Information Security related standards and process documentation (e.g. End User Computing and Macro Governance)
• Supporting internal and external audit exercises.

Regulatory Knowledge:

• Gramm-Leach Bliley Act (GLBA)
• Sarbanes-Oxley (SOX)
• OCC Heightened Standards
• FFIEC Guidelines
• NYDFS
• GDPR

General Skills & Abilities:

• Strong technology risk management principles, methodologies and tools, governance principles and activity preferably in a financial services technology environment including knowledge of workflow/processes and risks/controls
• Ability to independently operate in a complex, matrixed environment; adept at delivering and maintaining productive working relationships across business, functions, geographies and lines of defense
• Advanced operational risk, process, and control validation and/or assessment skills.
• Ability to direct, train and guide peers, subordinates and management.
• Ability to handle conflict resolution with other groups to ensure appropriate accounting guidance is followed.
• Ability to adjust to new developments/changing circumstances.
• Ability to convey a sense of urgency and drive issues/projects to closure.
• Ability to effectively interact with the market, executive management and vendors.
• Ability to adapt and adjust to multiple demands and competing priorities.
• Excellent written and oral communication skills.
• Excellent analytical, organizational and project management skills.
• Strong project management skills.

Experience and preferred certifications:

• 6+ years Risk Management/Risk.
• 6+ years Information Technology / Information Security
• 3+ years Financial Services industry

Required Skills: Location: Boston, MA or Dallas, TX (Remote Start, Hybrid future) 1. 1st & 2nd Line IT Audit -Assessing 'Security Event Monitoring and Logging processes and controls' -Network Ops & Sec. Management -IT Config Mgmt.