LEAD IT RISK CONTROLS ANALYSTWHAT IS THE OPPORTUNITY?The Lead IT Risk Analyst is a subject‑area specialist who utilizes specialized training, methods, and analytic techniques to develop recommendations and directions for IT risk mitigation in a complex technical environment. The role involves overseeing ongoing compliance with City National Bank and regulatory requirements, implementing risk‑management policies and procedures, identifying, evaluating, and reporting on information security risks, and supporting the organization's risk‑management strategy. The analyst focuses on compliance assessment, including third‑party security and overall IT program effectiveness, providing actionable information for IT and business leadership, and delivering objective assessments of risks for auditors, regulators, and external parties. The analyst stays abreast of industry trends, technologies, cyber‑risk management approaches, and regulatory changes, collaborating with other teams on IT risk‑related initiatives to guide the organization toward its risk appetite and regulatory compliance.WHAT WILL YOU DO?Support CNB IT in the creation of analytics and reporting to enhance senior management's ability to anticipate and manage risks effectively.Manage the development and execution of first‑line risk‑management reporting, setting direction, goals, and raising awareness of risk and controls.Develop and execute end‑to‑end change management of processes to gather and analyze relevant information.Lead the development and execution of processes to support delivery of risk‑management reporting, including support of stakeholder groups.Lead analysis and documentation of information to support risk drivers and metrics.Assess risk within the subject specialty area to evaluate the design and effectiveness of IT controls.Provide insight and guidance to IT software and hardware upgrades and other projects to ensure production environments meet and exceed minimum IT and security standards.Partner with external partners, vendors, as applicable, to fulfill reporting and information‑sharing requirements, and collect information for comprehensive risk analysis and assessment.Create and maintain process and procedural documentation for various risk‑analysis and risk‑assessment activities.Highlight industry‑based methodologies, techniques, or standards (FAIR, NIST, FFIEC, CSA, etc.) used as the basis for analysis.Publish routine, accurate risk analysis and assessment reports as defined by organizational risk policies and procedures.Participate in other IT risk support projects and duties as needed or requested.Develop and implement a comprehensive IT risk‑management framework tailored to the banking/financial technology environment.Conduct thorough risk assessments to identify vulnerabilities and evaluate risk in the context of financial sector threats and compliance mandates.Work closely with IT, security, and compliance departments to align risk‑management strategies with business objectives and regulatory obligations.Monitor and report on the effectiveness of risk mitigation and compliance of IT systems with internal requirements and industry standards such as PCI‑DSS, FFIEC, GLBA, etc.Develop and oversee a training program for employees on effective risk management and compliance requirements to foster a risk‑aware culture.Stay abreast of emerging security threats, technologies, and potential impacts on the financial services industry.Develop and maintain a comprehensive IT risk‑management program to ensure the integrity, confidentiality, and availability of information owned, controlled, or processed by the organization.Conduct risk assessments to identify vulnerabilities, assess potential impacts, and determine appropriate measures to manage risks effectively.Collaborate with IT and security teams to implement risk‑mitigation strategies and solutions.Monitor and report on compliance with IT/security policies, as well as the effectiveness of the controls and requirements.Provide training and guidance to staff on risk management and operational process hygiene.Stay informed about the latest control challenges and regulatory changes that may affect the organization.WHAT DO YOU NEED TO SUCCEED?Required QualificationsBachelor's Degree or equivalentMinimum 12 years' experience in Information/Cyber Security fieldMinimum 10 years of information security monitoring and response or related experienceMinimum 3 years' experience managing or coordinating resources such as people or projectsAdditional QualificationsDemonstrated experience analyzing complex Information Security data sets within a subject area specialty.Demonstrated knowledge of the Information Security landscape – threats, trends, technologies.Demonstrated knowledge of financial regulation and control frameworks applicable to cyber security or IT risk.Excellent communication and interpersonal skills. Strong ability to create positive and professional business relationships with internal clients.Strong commitment to working as a team and providing excellent customer service.Exposure to banking or equivalent highly controlled technology environment is preferred.Master's degree in business, computer science or related field preferred.Professional certifications (CPA, CISA, CISM, CISSP, GSEC, etc.) are highly desired.Demonstrated experience with industry or subject‑specific analysis or assessment frameworks (FAIR, NIST CSF, etc.) is highly desired.Experience in banking/financial industry is strongly preferred.Formalized training in cyber security analysis or assessment techniques.Big 4 experience is highly preferred.Proven experience in managing compliance with financial industry regulations and standards.Strong analytical skills to triage identified security vulnerabilities, risks, and design and implement effective mitigation strategies.Excellent communication skills, capable of effectively engaging and influencing stakeholders from IT security technicians to executive management.Strong understanding of network infrastructure, database security, and data protection technologies.Experience with risk assessment tools, technologies, and methods.Familiarity with third‑party risk management and SOC reports.Minimum 2 years audit and assessment engagement management experience.Proficiency in creating and maintaining policies and compliance documentation.Familiarity with industry standards and frameworks such as ISO 27001, NIST, COBIT, and GDPR.Excellent communication, analytical, and organizational skills.WHAT'S IN IT FOR YOU?CompensationStarting base salary: $100,000 – $170,000 per year. Exact compensation may vary based on skills, experience, and location. This job is eligible for bonus and/or commissions.BenefitsComprehensive healthcare coverage, including medical, dental, and vision plans, available the first of the month following the start date.Generous 401(k) company matching contribution.Career development through tuition reimbursement and other internal up‑skilling and training resources.Valued time‑away benefits, including vacation, sick, and volunteer time.Specialized health and family planning benefits, including fertility benefits and cancer, diabetes, and musculoskeletal support programs.Career mobility support from a dedicated recruitment team.Colleague resource groups to support networking and community engagement.Inclusion and Equal Opportunity EmploymentCity National Bank fosters an inclusive environment where all forms of diversity are valued and leveraged to make us a better company and employer. We are an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sexual orientation, gender identity, national origin, disability, veteran status, or other basis protected by law.It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.Represents basic qualifications for the position. To be considered for this position, you must at least meet the required qualifications. Applications are open on an ongoing basis until the position is filled.Unless otherwise indicated as fully remote, reporting into a designated City National location is an essential function of the job.#CA-AP#J-18808-Ljbffr