IT Risk Analyst I

**If you are a current FIB employee, please apply through the Career Worklet in the Employee Portal.

This position may be located at any of the First Interstate Bank offices within Arizona, Idaho, Iowa, Kansas, Missouri, Montana, Nebraska, North Dakota, Oregon, South Dakota and Wyoming.

What’s Important to You

We know your career is just one aspect of a meaningful, complex, and demanding life. That’s why we designed our compensation and benefits package to provide employees and their families with as much choice as possible.

• Generous Paid Time Off (PTO) in addition to paid federal holidays.
• Student debt employer repayment program.
• 401(k) retirement plan with a 6% match.
• The health and happiness of the places we call home matter to us. Learn a little more about what we do for the communities we serve, and why we want YOU to be a part of it.

We encourage you to apply. Reach for what you want and tell us why your work ethic and willingness to learn make you a natural fit for #TeamFirstInterstate.

SUMMARY
The IT Risk Analyst I is responsible for guiding, identifying, and measuring informational and technical risks within First Interstate Bank's (FIB) infrastructure or related third parties. This position will be responsible for performing test work to validate system and application security configurations meet industry and FIB architecture and security standards as well as establishing and leveraging risk metrics and dashboards to continuously assess and report on technical risk.
ESSENTIAL DUTIES AND RESPONSIBILITIES

• Researches and evaluates proposed new technologies and platforms to ensure the appropriate technical security controls are specified in the requirements and are in alignment with the security reference architecture and security controls framework.

• Provides security consulting on projects to ensure solution is designed in accordance with security architecture and that security configurations are properly implemented.

• Performs technical security assessments and targeted risk assessment against FIB’s existing infrastructure and products to ensure compliance with policies, standards, regulatory requirements, and industry best practices.

• Monitors and matures the risk-based IT security metrics, scorecards, and dashboards to measure cybersecurity performance and the effectiveness of IT risk management practices.

• Identifies and documents IT gaps and/or deficiencies arising from targeted risk assessments and other risk identification activities.

• Assesses and assigns risk ratings based on likelihood and potential impact; communicates deficiencies with key IT stakeholders.

• Performs root cause analysis for IT gaps and/or deficiencies and collaborates with IT stakeholders for timely remediation plan development and implementation.

• Performs independent validation and proactive monitoring of IT gaps and/or deficiencies through resolution.

• Works with various groups during product upgrades or new product design to ensure security best practices are implemented.

• Performs technical reviews of third parties cyber and information risk.

• Researches emerging technologies in support of security enhancement and development efforts.

• Provides policy governance, ensuring IT policies and standards are compliant with regulatory requirements, industry best practices, and ensures effective communication across FIB.

QUALIFICATIONS
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
KNOWLEDGE, SKILLS AND ABILITIES

• Knowledge of concepts and principles in information security functional areas such as cloud security, firewalls, and identity and access management.

• Strong understanding of industry standard security frameworks, security controls and compliance frameworks, such as NIST 800-53, NIST CSF, CIS, COBIT, and FFIEC.

• Remains up to date with emerging threats, best practices, and relevant frameworks, guidance, and legislation.

• Strong oral, written, and interpersonal communication skills resulting in the ability to interface with managers and staff at all levels within the organization.

• Ability to influence peers, colleagues, and managers to take action on complex, technical, or sensitive security topics.

• Capable of managing varied assignments and working independently.

• Ability to define problems, collect data, establish facts, and draw valid conclusions.

• Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.

• Proficient with methods used in performing risk analyses and assessments and measuring cybersecurity compliance.

• Proficient in maintaining and updating documentation necessary for supporting security environments, including policies, standards, patterns, and reference architectures.

• Proficient in working with compliance and regulatory program requirements.

EDUCATION AND/OR EXPERIENCE

• Bachelor's Degree in a related field required

• 1-3 years experience in IT security audit, IT risk management, information security, and/or equivalent combination of education and experience required

• Experience in a financial institution preferred

LICENSES AND CERTIFICATIONS

• Certified Information Systems Security Professional (CISSP) preferred

• Certified Information Systems Auditor (CISA) preferred

• Certified in Risk and Information Systems Control (CRISC) preferred

• Certified Information Security Manager (CISM) preferred

PHYSICAL DEMANDS AND WORKING ENVIRONMENT
The physical demands and work environment are representative of those that must be met or encountered to successfully perform the essential functions of the job. In compliance with the Americans with Disabilities Act, the company provides reasonable accommodation to qualified individuals with disabilities and encourages both prospective and current employees to discuss potential accommodations with the employer.

• Dexterity of hands/fingers to operate computer keyboard and mouse - Frequently

• Lifting - Occasionally (up to 50 lbs)

• Sitting - Frequently

• Standing - Occasionally

• Noise Level - Moderate

• Typical Work Hours - M-F (8-5)

• Regular and Predictable Attendance - Required

**If you are a current FIB employee, please apply through the Career Worklet in the Employee Portal.