Senior Information Security Risk and Compliance Analyst
The Senior Information Security Risk & Compliance Analyst will report to the Manager, Cybersecurity Governance Risk & Compliance, and will be responsible for developing and maintaining security standards and procedures, identifying cybersecurity risks, and ensuring adequate processes and technical controls are in place to mitigate identified risks. This role will participate in cybersecurity audits and assessments, follow up with remediation activities based on audit recommendations, and assist in maturing various cybersecurity programs including Security Awareness, Incident Response, Disaster Recovery, etc.
Bachelor's degree in Computer Science, Information Systems, Information Security/Assurance, or related field.
Minimum 5 years of experience in an Information Security role, with strong experience in Security Governance, Risk & Compliance, or in a regulated industry, preferably at a Bank or Financial Services institution.
Professional certifications in Information Security (such as CISA, CISM, CRISC, CISSP, etc.) preferred.
Strong understanding of key information security concepts and fundamentals.
Experience with GRC and information security tools/technologies to collect and maintain security and risk information.
General understanding of security risks and trends, security compliance assessments, and audits.
Excellent presentation, facilitation, and communication skills.
Experience in creating awareness of security practices across multiple technical teams.
Ability to lead cross-functional efforts in making sound risk-based decisions.
Working knowledge of security frameworks and standards including NIST, PCI, ISO 27001, etc.
Assist with the development and ongoing management of the Cybersecurity Governance Risk and Compliance program.
Maintain the Security Standards, process documentation, and control objectives.
Mature and enhance the information security awareness and training program.
Monitor and escalate unresolved security exposures, misuse, policy violations, and other non-compliance situations to Security Leadership.
Monitor industry regulatory environment for impact on security programs and changes to security compliance standards.
Work closely with Technology-focused teams and other stakeholders to identify potential security weaknesses, define potential impact, and develop effective mitigation strategies.
Perform other duties as needed upon request by immediate supervisor.