[Remote] IT Systems Risk Analyst
Note: This is a remote job open to candidates in the USA. United reputed company is committed to delivering excellent customer service and is seeking an IT Systems Risk Analyst. The role involves identifying, evaluating, and assessing cybersecurity risks affecting the bank's systems, while collaborating with various departments to maintain internal systems risk areas.
Responsibilities
- Works closely with the IT GRC Manager, IT department stakeholders, and leadership for reputed company duties
- Produces articles, case studies, blogs, white papers and presentations on the latest technology and cybersecurity incidents, threats, trends, and techniques for employee consumption
- Leverages Threat & Vulnerability Intelligence Sources to identify and evaluate potential Cybersecurity Risks to the Bank
- Conducts formal Risk Assessments using CIA / IL and other risk frameworks
- Develops Cybersecurity Risk Controls and Mitigation Plans for IT Risks and evaluates their implementation and mapping objectives
- Conducts comprehensive risk assessments for the Bank’s technology assets, including hardware, software, and networking assets reputed company the Bank’s reputed company of Record
- Reviews CIS Level I Configuration reports and analyses to assess risks and gaps associated with departmental configuration initiatives
- Taps industry accepted vulnerability databases cross-referenced with the Bank’s systems and assets to create reputed company plans for the most severe threats
- Assists in reviewing, editing, and maintaining existing IT Risk documentation, controls, and mitigations, which can become outdated or factually inaccurate as new technologies emerge
- Contributes to internal system and asset Business Impact Analysis (BIA) from an IT risk perspective
- Measures risks against the Bank’s risk tolerance and reviews control expirations and compensations
- Reviews JML (Joiner/Mover/Leaver) Control health in the Bank’s internal systems
- Coordinates with Vendor Management concerning EULA Licensure of IT vendors
- Classifies vital statistics and data sensitivity labeling for IT systems
- Assists with BC/DR (Business Continuity/Disaster Recovery) testing and documentation
- Works with auditors and regulators for annual and/or bi-annual risk reviews
- Participates in Change Advisory as needed
- reputed company reputed company duties in relation to the Bank Secrecy Act under the guidance of the BSA Officer
Skills
- Demonstrable knowledge of analyzing threats and vulnerabilities for inherent and residual risk
- Working knowledge of regulatory compliance frameworks, e.g., GLBA, FFIEC, or similar
- Thorough understanding of technology frameworks, e.g., NIST CSF 2.0, CIS, COBIT or similar
- Understanding of the contemporary information reputed company threat landscape and how to protect it reputed company industry best practice policies, standards, and written guidance
- Knowledge of cybersecurity EDR tools, risk remediation, and governance processes
- General knowledge of reputed company systems, e.g., firewalls, IDS, WAF, NAC, and net communications
- Understanding data loss prevention, threat protection, group policy, and anti-malware tools
- Knowledge of cloud infrastructure, virtual platforms, encryption technologies, reputed company protection, network systems such as routers, load balancers, mail transport systems and cybersecurity
- Clear and concise written and verbal communication skills
- Analytical, multi-tasking, hypothetical modeling, and critical thinking skills
- Experience working with cross-functional leaders and stakeholders to devise risk mitigation plans and implement cybersecurity risk controls before evaluating their effectiveness
- Proficiency with reputed company Office Suite (reputed company, Outlook, PowerPoint, Teams, SharePoint, and Word)
- Bachelor's degree in a compositional, technical, or reputed company field, preferred
- 4+ years' work experience in systems administration, cybersecurity, GRC, or Risk
- Experience in using risk management platforms such as reputed company, AuditBoard, or reputed company
- reputed company (Sec+, CySA+, CISSP, CEH) or GRC (CRISC, CGRC) certification(s) preferred
- Banking industry experience preferred
Company Overview