Job Description:
The Info Security Controls Specialist will be part of the GIS Process Excellence team. Responsibilities include execution of the Enterprise Process Management Policy and associated governance routines, controls, and measurements. In this role, you will be responsible for executing and leading the necessary governance routines including monthly process and control performance analysis and reporting, and coordinating breach remediation plans. This role requires business acumen, analytical mindset, and strong communication skills to engage with teammates and partners at various levels across GIS and the enterprise.
The responsibilities of the position will include:
• Work with Process Excellence team and senior GIS leaders to ensure process and control attributes (names, descriptions, metrics) meet enterprise requirements
• Monitor and report on the health of the GIS process inventory
• Partner with GT&O partners to QA/QC our process inventory on an ongoing basis
• Work with GCOR to address challenges
• Partner with Exam Management team to ensure appropriate response for any Audit/Regulatory requests
• Support implementation and execution of governance routines
• Assist with overall management of the GIS process inventory
Required Skills:
• Foundational knowledge of general bank policies, regulations, programs and procedures
• Risk Management and governance experience
• Strong analytical skills/problem solving/conceptual thinking
• Attention to detail and ability to streamline/automate manual processes
• Strong ability to establish relationship with peers across teams to achieve optimal results
• Ability to work independently on initiatives with little oversight. Motivated and willing to learn
• Highly effective written and verbal communication skills
• Executive presentation and communication skills
Desired Skills:
• Familiarity with Single Process Inventory (SPI) Framework
• Working knowledge of compliance and risk framework, including Process Risk Control (PRC)
• Prior Governance, Compliance, and or Audit experience
• Cyber security or information security domain knowledge
Enterprise Role Overview - Evaluates and supports the risk identification documentation, validation, assessment, and/or mitigation processes necessary to ensure that existing and new IT systems meet Enterprise information security requirements and risk appetite. Leverages knowledge of IT platforms, tools and concepts, such as network devices and topologies, servers and systems architectures. Leverages deep knowledge of information security frameworks (ex: NIST, COBIT, ISO), standards, policies, controls, tools, laws, rules, regulations, and/or coordinates efforts to mitigate/remediate information security risks. Works with internal and external stakeholders (ex: LOB delegates, SMEs, regulators). Develops, refines, implements, and/or governs Enterprise-wide information security policies, procedures, and standards, as well as industry-leading information security reporting, risk scoring, and governance for the Enterprise. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Typically has 3-5 years of relevant experience and will be an individual contributor.
Shift:
1st shift (United States of America)
Hours Per Week:
40