- Identifies and assesses technology risks across processes, applications, and infrastructure. Conduct risk assessments and maintain accurate risk documentation (e.g., risk registers, RCSA).
- Collaborates with technology teams to design and implement effective controls based on industry-recognized frameworks such as NIST CSF, NIST SP 800-53, and RMF. Perform control testing and review IT control effectiveness, supporting remediation of gaps.
- Serves as the primary liaison between IT (1LoD) and audit teams (Internal, External, SOX). Coordinate evidence collection, facilitate audit requests, and support issue owners in timely remediation. Track and report on open audit issues until closure.
- Analyzes and reports results of control testing, risk assessments, and technology-related metrics (KPIs and KRIs). Present findings and recommendations to 1LoD and 2LoD management.
- Ensures adherence to internal policies and applicable regulations. Review and validate technology-related data transfers to external parties, ensuring secure and compliant processes.
- Promotes risk awareness across IT teams and acts as a trusted advisor for technology risk-related decisions. Provide guidance and training on IT risk and control practices.
- Supports development and maintenance of IT risk policies, standards, and procedures. Apply frameworks such as NIST CSF and other best practices to strengthen IT governance.
- Partners with IT process owners, 2LoD, and other stakeholders to ensure timely implementation of controls and remediation actions.
- Provides support for the External Data Transfer process by tracking, reviewing, and validating data sent outside the Bank to ensure secure transmission and facilitate the timely closure of each request.
- Partners with IT Process Owners to identify continuous improvement opportunities with emphasis on risk mitigation.
- Explores application of AI in role to automate tasks or improve user experience.
- Adheres to and complies with applicable federal and state laws, regulations and guidance, including those related to anti-money laundering (i.e. Bank Secrecy Act, US PATRIOT Act, etc.).
- Adheres to Bank policies and procedures and completes required training.
- Identifies and reports suspicious activity.
- 4-6 years of progressive experience in IT risk management, IT Audit, or cybersecurity and technology controls, with a strong background in risk assessments, regulatory compliance, and governance frameworks
- Certifications in technology, security, and auditing, such as CISSP, CCSP, CISA, or CRISC, are a plus (preferred)
- In-depth knowledge of risk management and technology controls frameworks and standards, such as NIST, CIS, PCI-DSS (High)
- Strong understanding of IT infrastructure, cloud security, and data protection practices (High)
- Knowledge of regulatory and compliance frameworks relevant to the financial industry (Medium)
- Strong analytical and problem-solving skills (High)
- Excellent communication and interpersonal skills (High)
- Ability to work independently and as part of a team (High)
- Ability to perform role with minimal supervision.
- Candidates residing in locations within BankUnited's footprint may be given preference.
What We Do
BankUnited, Inc., with total consolidated assets of $35.2 billion at March 31, 2021, is a bank holding company with one wholly owned subsidiary, BankUnited.
BankUnited, a national banking association headquartered in Miami Lakes, Florida, provides a full range of banking services to individual and corporate customers through banking centers in Florida and New York. The Bank also provides certain commercial lending and deposit products on a national platform.
Here at BankUnited, we endeavor to provide, through experienced lending and relationship banking teams, personalized customer service and offer a full range of traditional banking products and services to both commercial and retail customers.








