[Remote] IT Systems Risk Analyst

Note: The job is a remote job and is open to candidates in USA. United Fidelity Bank is committed to delivering excellent customer service and is seeking an IT Systems Risk Analyst. The role involves identifying, evaluating, and assessing cybersecurity risks affecting the bank's systems, while collaborating with various departments to maintain internal systems risk areas.

Responsibilities

• Works closely with the IT GRC Manager, IT department stakeholders, and leadership for all duties
• Produces articles, case studies, blogs, white papers and presentations on the latest technology and cybersecurity incidents, threats, trends, and techniques for employee consumption
• Leverages Threat & Vulnerability Intelligence Sources to identify and evaluate potential Cybersecurity Risks to the Bank
• Conducts formal Risk Assessments using CIA / IL and other risk frameworks
• Develops Cybersecurity Risk Controls and Mitigation Plans for IT Risks and evaluates their implementation and mapping objectives
• Conducts comprehensive risk assessments for the Bank’s technology assets, including hardware, software, and networking assets within the Bank’s Source of Record
• Reviews CIS Level I Configuration reports and analyses to assess risks and gaps associated with departmental configuration initiatives
• Taps industry accepted vulnerability databases cross-referenced with the Bank’s systems and assets to create priority plans for the most severe threats
• Assists in reviewing, editing, and maintaining existing IT Risk documentation, controls, and mitigations, which can become outdated or factually inaccurate as new technologies emerge
• Contribute to internal system and asset Business Impact Analysis (BIA) from an IT risk perspective
• Measure risks against the Bank’s risk tolerance and review control expirations and compensations
• Reviews JML (Joiner/Mover/Leaver) Control health in the Bank’s internal systems
• Coordinates with Vendor Management concerning EULA Licensure of IT vendors
• Classifies vital statistics and data sensitivity labeling for IT systems
• Assists with BC/DR (Business Continuity/Disaster Recovery) testing and documentation
• Work with auditors and regulators for annual and/or bi-annual risk reviews
• Participate in Change Advisory as needed
• Perform all duties in relation to the Bank Secrecy Act under the guidance of the BSA Officer

Skills

• Demonstrable knowledge analyzing threats and vulnerabilities for inherent and residual risk
• Working knowledge of regulatory compliance frameworks, e.g., GLBA, FFIEC, or similar
• Thorough understanding of technology frameworks, e.g., NIST CSF 2.0, CIS, COBIT or similar
• Understanding of the contemporary information security threat landscape and how to protect it via industry best practice policies, standards, and written guidance
• Knowledge of cybersecurity EDR tools, risk remediation, and governance processes
• General knowledge of security systems, e.g., firewalls, IDS, WAF, NAC, and net communications
• Understanding data loss prevention, threat protection, group policy, and anti-malware tools
• Knowledge of cloud infrastructure, virtual platforms, encryption technologies, endpoint protection, network systems such as routers, load balancers, mail transport systems and cybersecurity
• Clear and concise written and verbal communication skills
• Analytical, multi-tasking, hypothetical modeling, and critical thinking skills
• Experience working with cross-functional leaders and stakeholders to devise risk mitigation plans and implement cybersecurity risk controls before evaluating their effectiveness
• Proficiency with Microsoft Office Suite (Excel, Outlook, PowerPoint, Teams, SharePoint, and Word)
• Bachelor's degree in a compositional, technical, or security field, preferred
• 4+ years' work experience in systems administration, cybersecurity, GRC, or Risk
• Experience in using risk management platforms such as Optro, AuditBoard, or Archer
• Security (Sec+, CySA+, CISSP, CEH) or GRC (CRISC, CGRC) certification(s) preferred
• Banking industry experience preferred

Company Overview