IT Risk Analyst

It's fun to work at a company where people truly BELIEVE in what they're doing!
We're committed to bringing passion and customer focus to the business.

Recruiting agencies must have a valid, written and fully executed Master Service Agreement and Statement of Work for consideration.

Job Summary:

The IT Risk Analyst is responsible for the identification, evaluation, and assessment of cybersecurity risks affecting United Fidelity Bank, from threats to vulnerabilities and including ongoing reviews and audits of controls. The incumbent will work closely with other functional area subject matter experts (Enterprise Risk Management, Compliance, Audit, and Information Technology) to understand, develop, and maintain United Fidelity Bank’s natural, technical, and adversarial risks, their relationships, controls, and mitigation plans.

Essential Job Functions include, but are not limited to:

• Works closely with the IT GRC Manager, IT department stakeholders, and leadership for all duties.
• Produces articles, case studies, blogs, white papers and presentations on the latest technology and cybersecurity incidents, threats, trends, and techniques for employee consumption.
• Leverages Threat & Vulnerability Intelligence Sources to identify and evaluate potential Cybersecurity Risks to the Bank.
• Conducts formal Risk Assessments using CIA / IL and other risk frameworks.
• Develops Cybersecurity Risk Controls and Mitigation Plans for IT Risks and evaluates their implementation and mapping objectives.
• Taps industry accepted vulnerability databases cross-referenced with the Bank’s systems and assets to create priority plans for the most severe threats.
• Performs IT Asset Surveys and details Assets within Risk Management Platform.
• Assists in reviewing, editing, and maintaining existing IT Risk documentation, controls, and mitigations, which can become outdated or factually inaccurate as new technologies emerge.
• Contribute to internal system and asset Business Impact Analysis (BIA).
• Drafts Corrective Action Plans and Plans of Action & Milestone for Risk Correction.
• Communicates and works with Enterprise Risk Management (ERM) for alignment of PSPs (Policies, Standards, and Procedures).
• Measure risks against the Bank’s risk tolerance and review control expirations and compensations.
• Reviews and audits historical Risk Registers to ascertain the use of Controls.
• Maintain KRI/KCI dashboards in support of Risk and Steering.
• Track SLA adherence standards for IT Risk Assessment criticality.
• Work with auditors and regulators for annual and/or bi-annual risk reviews.
• Oversee joiner/mover/leaver control health.
• Participate in Change Advisory as needed.
• Preform all duties in relation to the Bank Secrecy Act under the guidance of the BSA Officer.

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. In accordance with the Americans with Disabilities Act, Reasonable Accommodations may be made to enable qualified individuals with disabilities to perform the essential functions.

Skills and Abilities Required to Perform Essential Job Functions:

• Demonstrable knowledge analyzing threats and vulnerabilities for inherent and residual risk.
• Working knowledge of regulatory compliance frameworks, e.g., GLBA, FFIEC, or similar.
• Thorough understanding of technology frameworks, e.g., NIST CSF 2.0, CIS, COBIT or similar.  
• Understanding of the contemporary information security threat landscape and how to protect it via industry best practice policies, standards, and written guidance.
• Knowledge of cybersecurity EDR tools, risk remediation, and governance processes.
• General knowledge of security systems, e.g., firewalls, IDS, WAF, NAC, and net communications.
• Understanding data loss prevention, threat protection, group policy, and anti-malware tools.
• Knowledge of cloud infrastructure, virtual platforms, encryption technologies, endpoint protection, network systems such as routers, load balancers, mail transport systems and cybersecurity.
• Clear and concise written and verbal communication skills.
• Strong presentation skills, especially for business and control narratives and executive reporting.
• Analytical, multi-tasking, hypothetical modeling, and critical thinking skills.
• Experience working with cross-functional leaders and stakeholders to devise risk mitigation plans and implement cybersecurity risk controls before evaluating their effectiveness.
• Proficiency with Microsoft Office Suite (Excel, Outlook, PowerPoint, Teams, SharePoint, and Word).

Education, Experience and Qualifications:

• 4+ years’ work experience in cybersecurity, GRC, or IT Risk.
• Bachelor’s degree in a technical or security field, preferred.
• Experience in using risk management platforms such as Audit Board, preferred.
• Security (Sec+, CySA+, CISSP, CEH) or GRC (CISA, CRISC, CGRC) certification(s) preferred.
• Banking industry experience, preferred.

Physical Requirements of Essential Job Functions:

The associate is frequently required to sit and/or stand, communicate, reach, and manipulate objects, tools or controls that are typical of an office/bank environment. Lifting items weighting up to 10 pounds on a consistent basis. Manual dexterity and coordination are required over 80% of the work period while operating equipment such as computers, phones, calculators, etc.

Working Conditions:

• Typical office environment.
• Extended viewing of computer screens.
• Periodic travel between locations may be required.
• Regular office hours are Monday through Friday from 8 am – 5 pm. At times, working outside of stated regular hours may be required.  

The above statements are intended to describe the general nature and level of work performed by associates assigned to this position. They are not intended to be an exhaustive list of all responsibilities, duties and skills required of the associate classified as such. Duties and responsibilities may be added or changed as deemed appropriate by management at any time therefore, they could differ from those outlined above.

United Fidelity Bank is proud to be an Equal Opportunity/Affirmative Action employer All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, status as a qualified individual with disability, sexual orientation, gender identity or any other characteristic protected by law.