Information Security Risk Analyst

Citizens Business Bank
Rancho Cucamonga, United States of America
4 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Compensation
$ 260K

Job location

Rancho Cucamonga, United States of America

Tech stack

CompTIA Security+
Computer Security
Information Systems
Information Leak Prevention
Data Security
Digital Assets
Software Tools
Data Streaming
Cyber Threat Analysis
RSA Archer Platform
ServiceNow

Job description

The Information Security Risk Analyst is a critical role within Information Security that plays an integral part in the security and resilience of the bank's information systems and data assets. Reporting directly to the Information Security Officer (ISO), the Information Security Risk Analyst is responsible for maintaining information security policies, procedures, and controls to mitigate risks and comply with regulatory requirements. The Information Security Risk Analyst must also have extensive knowledge and understanding of risk management processes and mitigation strategies to address identified risks in technology and business processes through direct involvement with the business units.

  • Under the guidance of the ISO, conduct comprehensive risk assessments of information systems, applications, processes, and infrastructure to identify security vulnerabilities, threats, and risks.
  • Maintain the Data Loss Prevention Program, including the review of data access permissions and monitoring data flows to detect potential breaches or security policy violations.
  • Maintain the Issues Management Program designed to track and manage identified security issues.
  • Evaluate the implementation of information security processes and controls in alignment with the enterprise Information Security Program and ensure compliance with regulatory requirements such as GLBA and FFIEC guidelines.
  • Maintain the Threat Intelligence Program designed to monitor and identify vendors, data, or system compromises.
  • Maintain and provide compliance evidence for audits, internal requests, and other appropriate business needs.
  • Report on cybersecurity Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to inform leadership and drive accountability.
  • Maintain the GRC platform for Information Security, ensuring compliance with internal policies and regulatory requirements.
  • In collaboration with the security team, assist in the development and monitoring of security policies, standards, guidelines, diagrams, and procedures to ensure ongoing maintenance and identify gaps and/or recommendations.
  • Prepare risk assessment reports and presentations for management and audit.
  • Comply with and stay abreast of all policies and procedures, federal and state laws applicable to the job. Assess Information Security requirements and present recommendations in compliance with Bank and Regulatory requirements.
  • Provide, present, and promote the Citizens Experience to all external and internal customers.
  • Other duties as assigned.

Requirements

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Associate's degree (A.A.) or equivalent from two-year college or technical school; or one-year related work experience; or combination of education and experience.

Experience with the NIST Cybersecurity Framework (CSF) 2.0, Cyber Risk Institute (CRI) Profile, or GLBA Risk Assessments is a plus.

LANGUAGE SKILLS

Ability to read, analyze and interpret general business periodicals, professional journals, technical procedures, or governmental regulations. Ability to write reports, business correspondence, and procedure manuals. Ability to effectively present information and respond to questions from groups of managers, clients, customers, and the general public.

MATHEMATICAL SKILLS

Ability to work with mathematical concepts such as probability and statistical inference, and fundamentals of plane and solid geometry and trigonometry. Ability to apply concepts such as fractions, percentages, ratios, and proportions to practical situations.

REASONING ABILITY

Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.

COMPUTER & SOFTWARE SKILLS

To perform this job successfully, an individual should have fundamental knowledge of security principles and technologies.

Experience with GRC platforms such as Archer, MetricStream, or ServiceNow is a plus.

CERTIFICATES, LICENSES, REGISTRATIONS

  • Certified in Risk and Information Systems Control (CRISC)
  • CompTIA Security+
  • Certified Enterprise Defender (GCED)

OTHER SKILLS and ABILITIES

  • Excellent organizational and time management skills are essential.
  • The following skills and experience are relevant and preferred:
  • Banking experience
  • Compliance & Risk management

While performing the duties of this job, the associate is regularly required to talk or hear. The associate is frequently required to stand; walk; sit; and use hands and fingers to handle or feel. The associate is occasionally required to reach with hands and arms, and stoop, kneel, crouch or crawl. The associate is regularly required to operate a computer keyboard, mouse, calculator and telephone and reach with hands and arms. The associate must occasionally lift and/or move up to twenty-five (25) pounds.
