San Francisco, CA
The Information Security Risk Analyst will support the Information Security risk management process within the Bank. The individual will be: well-versed in security architecture and controls; familiar with current and emerging threats; able to develop risk mitigation strategies required to protect the confidentiality, integrity and availability of information systems and client data; and proficient at working with internal business units and vendors to resolve risk issues and develop efficient and effective action plans.
The Information Security Risk Analyst will: independently perform risk assessments; attend project meetings; prepare detailed risk assessment reports for management approval; maintain information on the risk assessments in the Bank's governance, risk and compliance database; assist end users in understanding security issues and developing mitigation strategies; and stay current on regulatory requirements, industry standards, data security frameworks and best practices. This position requires experience in conducting security risk assessments, working with complex technology systems, managing projects and providing security consulting services. The Information Security Risk Analyst needs excellent verbal and written communication skills and the ability to understand business requirements in order to make decisions on appropriate risk strategies.
Scope of Responsibilities:
1. The majority of the Risk Analyst's time is devoted to attending meetings with the business to collect information; analysis of complex vendor and internal reports; determining whether the controls identified in this process meet Client, regulatory and industry standards; identifying any deficiencies; recommending to the business any controls that would mitigate these deficiencies; and preparing reports to management on the overall assessment. The Risk Analyst has significant discretion in determining priorities and recommendations and is required to use independent judgment in assessing the risks and developing solutions.
2. The responsibilities associated with the position are significant. Many of the processes and technologies that are assessed involve a significant portion of the Bank's revenue and assets. If the Risk Analyst fails to identify a material control deficiency, the Bank is at greater risk of a loss of funds, damage to assets, interruption of business or loss of reputation - and the potential impact of such failure could have a financial impact on the Bank that would be measured in the millions of dollars.
Responsibilities and Duties:
- Perform independent hands-on risk assessments to identify significant information security risks and oversee compliance with numerous regulatory and industry control requirements. Includes application, system, infrastructure, process and vendor security risk assessments to determine compliance with Bank Policies and Standards, financial laws and regulations such as GLBA, SOX and FACTA along with the FFIEC Information Technology Examination Handbooks.
- Responsibilities include the following: 1) adhering to and complying with all applicable federal and state laws, regulations and guidance, including those related to Anti-Money Laundering (e.g. Bank Secrecy Act, USA PATRIOT Act, etc.), 2) adhering to Bank policies and procedures, 3) completing required training, 4) identifying and reporting potential suspicious activity to the BSA/AML Officer, and 5) knowing and verifying the identity of any customer(s) that enters into a relationship with the Bank.
- Identify and communicate recommended/required security controls for business units. Document and monitor the implementation of controls for technology and business project plans.
- Manage Information Security projects from beginning to end. Participate in business and vendor project meetings and provide guidance on appropriate security controls.
- Provide security consulting services to business units.
- Review vendor contracts for compliance with Bank security and availability requirements and recommend appropriate language as necessary.
- Maintain broad knowledge of best practices and trends in the field of Information Security.
- Perform duties & responsibilities specific to department functions & activities.
- Perform other duties & responsibilities as required or assigned by supervisor.
- Minimum 4 year college degree required.
- Knowledge/Experience of LANs, WAN, VPNs, Routers, firewalls, and IDS/IPS systems required.
- Relevant information security certifications (e.g., CISSP, CISA or GIAC) preferred.
- Knowledge/Experience in Business Continuity concepts and frameworks preferred.
- 3 years of security related work experience in banking or other regulated environment required.
- Strong communication & organizational skills, ability to multi-task, strong attention to detail, excellent problem-solving and follow-up skills required.
- Work independently, make sound decisions and multi-task effectively in a very diverse, project-oriented environment.
- Remain objective in stressful or potentially charged situations.
- Ability to complete high quality deliverables.
- Team player
- Provides extraordinary service
- Furthers the Client culture and values