Information Security Risk Management Analyst, Sr Internet & Ecommerce - Omaha, NE at Geebo

Information Security Risk Management Analyst, Sr

Company Name:
Bank of the West
What sets Bank of the West apart from other banks is our team members - they embody the optimistic spirit of the West. There is a spirit here that drives us to do more. Our team of more than 10,000 employees is vital to the success of our Bank. They reflect our modern western values - straightforward, entrepreneurial and optimistic. We seek to create a corporate culture that fosters and rewards excellence, encourages creative thinking and respects diversity - an environment where team members are engaged, supportive of one another and enthusiastic about serving our customers. Bank of the West offers the stability of a company that has a 135-year history and is part of BNP Paribas, a European leader in global banking and financial services and one of the 6 strongest banks in the world. We offer opportunities across our diverse business lines - Retail Banking, Commercial Banking, National Finance, and Wealth Management.
Purpose Statement:
Responsible for performing risk management analysis primarily through completion of Enterprise Information Security Vendor assessments by working closely with the Third Party Program Office and Contract Administration.
Essential Job Functions:
1. Work closely with Third Party Program Office and Contract Administration to provide Enterprise Information Security Risk Assessment support for security vendor assessments.
o Perform security assessments of vendors who have access to or possession of Bank confidential or restricted data and/or access to the Bank's internal network, determine mitigating controls, and identify/track the corrective action through third party vendor findings as required.
o Lead on-site security assessments at selected third party vendors.
2. Research industry trends and best practices as noted through organizations such as BITS, ISO, and COBIT.
3. Improve security processes through the identification and assessment of emerging third party management risks, corporate and regulatory standards, and comparison of the Enterprise Information Security's vendor risk assessment program capabilities to industry standards.
Other Job Function:
Participate in audit response management and provide ongoing guidance on solutions to achieve and maintain security compliance.
Provide expertise to mitigate information security risks and to correct compliance exposures and gaps.
Other Information:
Possesses knowledge in various information security areas, such as: Identity and Access Management, Threat and Vulnerability Management, Information Risk and Governance, IT architecture, Monitoring, Incident Response and Security Strategy.
Training in Risk Management or IT Audit Methodology strongly desired.
Technology risk or security certification preferred, e.g. CISSP, CISMP, CISA, CRISC or equivalent.
ISO 27000 frameworks, BITS SIG, or COBIT/SOX IT control testing.
Knowledge of security controls for the handling of Personally Identifiable Information (PII) data
Knowledge of regulations and security compliance requirements affecting financial institutions.
Membership and participation in security organizations, such as ISSA, ISC2, or ISACA.
Skills
Ability to exercise sound judgment regarding review findings and make effective recommendations to management.
Strong analytical skills from a business perspective including operating, technical, financial and other related fields.
Ability to work effectively on multiple projects within a team structure and excellent written and oral communication skills
Excellent verbal communication skills.
Strong interpersonal skills.
Ability to meet time sensitive deadlines required.
Ability to manage business and technical relationships with internal and external clients.
Ability to work and achieve goals without constant supervision
Education:
Bachelor's Degree in Computer Science, Management Information Systems, Business or related field
Experience:
Eight years of experience in risk management, information security, IT audit, and/or compliance
Level Supervised
none
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.
Job: Risk Management
Title: Information Security Risk Management Analyst, Sr
Location: Nebraska-Omaha
Requisition ID: 010160
Estimated Salary: $20 to $28 per hour based on qualifications.
