IT Risk Analyst II

This position may be located at any of First Interstate Bank's offices in Idaho, Iowa, Missouri, Montana, Nebraska, Oregon, South Dakota, or Wyoming.
What’s Important to You
We know your career is just one aspect of a meaningful, complex, and demanding life. That’s why we designed our compensation and benefits package to provide employees and their families with as much choice as possible.

• Generous Paid Time Off (PTO) in addition to paid federal holidays.
• Student debt employer repayment program.
• 401(k) retirement plan with a 6% match.
• The health and happiness of the places we call home matter to us. Learn a little more about what we do for the communities we serve and why we want YOU to be a part of it.

We encourage you to apply. Reach for what you want and tell us why your work ethic and willingness to learn make you a natural fit for #TeamFirstInterstate.
SUMMARY
The IT Risk Analyst II is responsible for measuring and identifying technical risks within First Interstate Bank's (FIB) infrastructure and third-party solutions. This position is also responsible for performing testing to validate systems and application security configurations continue to meet industry and FIB architecture and security standards, establishing and leveraging risk metrics and dashboards to continuously assess and report on technical risk, and providing guidance on IT security architecture and configurations based on the risks and controls evaluated.
ESSENTIAL DUTIES AND RESPONSIBILITIES

• Leverages technical knowledge to assist in developing and enhancing cyber and information security policies, procedures, and standards.
• Works with Enterprise Architecture to assist in developing and enhancing the information security architecture standards and IT security technology roadmaps.
• Researches and evaluates proposed new technologies and platforms to ensure the appropriate technical security controls are specified in the requirements and are in alignment with the security reference architecture and security controls framework.
• Provides security consulting on projects to ensure solutions are designed in accordance with security architecture and that security configurations are properly implemented.
• Performs technical security assessments against FIB’s existing infrastructure and products to ensure compliance with security architecture, policies, standards, procedures, and industry best practices.
• Monitors and matures the risk-based IT security metrics, scorecards, and dashboards to track cybersecurity performance and trends across the organization.
• Assists the business in identifying root causes and develops mitigation for deficiencies.
• Works with various groups during product upgrades or new product design to ensure security best practices are implemented.
• Performs technical reviews of third-party cyber and information risk.
• Researches emerging technologies in support of security enhancement and development efforts.

QUALIFICATIONS
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
KNOWLEDGE, SKILLS AND ABILITIES

• Knowledge of concepts and principles in information security functional areas such as cloud security, firewalls and security mediation services, identity and access management, industry standard security frameworks, security controls, and compliance frameworks.
• Strong oral, written, and interpersonal communication skills resulting in the ability to interface with managers and staff at all levels within the organization.
• Strong communication skills with all levels of the business and the ability to leverage knowledge of the appropriate approach and degree of detail for each.
• Remain up to date with emerging threats, best practices, and relevant frameworks, guidance, and legislation.
• Capable of managing varied assignments and working independently.
• Ability to define problems, collect data, establish facts, and draw valid conclusions.
• Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.
• Experience with methods used in performing risk analyses and assessments and measuring cybersecurity compliance.
• Experience maintaining and updating documentation necessary for supporting security environments, including policies, standards, patterns, and reference architectures.
• Experience in working with compliance and regulatory program requirements.

EDUCATION AND/OR EXPERIENCE

• Bachelor's Degree in a related field required
• 4-6 years experience in IT security audit, architecture, engineer, risk monitoring, and/or equivalent combination of education and experience required

LICENSES AND CERTIFICATIONS

• CISSP – Certified Information Systems Security Professional preferred
• CISA – Certified Information Systems Auditor preferred
• CEH – Certified Ethical Hacker preferred
• CCSP – Certified Cloud Security Professional preferred
• GSEC – GIAC Security Essentials Certification preferred
• GISP – GIAC Information Security Professional preferred

PHYSICAL DEMANDS AND WORKING ENVIRONMENT
The physical demands and work environment are representative of those that must be met or encountered to successfully perform the essential functions of the job. In compliance with the Americans with Disabilities Act, the company provides reasonable accommodation to qualified individuals with disabilities and encourages both prospective and current employees to discuss potential accommodations with the employer.

• Dexterity of hands/fingers to operate computer keyboard and mouse - Frequently
• Lifting - Occasionally (up to 50 lbs)
• Sitting - Frequently
• Standing - Occasionally
• Noise Level - Moderate
• Typical Work Hours - M-F (8-5)
• Regular and Predictable Attendance - Required