In this Issues Intake individual contributor role, the candidate will be responsible for identifying and documenting risks and/or mitigation plans related to Audit, Compliance, Ops Risk, Regulatory and/or GIS identified risks, issues, control enhancements and MRAs within defined SLAs. This includes leading and facilitating meetings to debate and understand risks, and drafting clear and articulate issue summaries and mitigation plans to be reviewed by senior and executive management. The candidate will be expected to manage a portfolio of risks and issues and understand holistic risks across their assigned area and be able to make determinations on how they may affect other divisions and GIS as a whole. The candidate will be expected to develop and present routine reports and metrics related to the process. The candidate will also be responsible for escalating potential roadblocks that may delay on-time completion.
· Excellent writing skills with the ability to communicate information security/cybersecurity risks/issue to senior management and potentially non-technical audience.
· Cyber security or information security domain knowledge.
· Exhibit strong relationship management and interpersonal skills.
· Ability to work in a highly visible and fast-paced environment, where business needs/priorities may change and path forward is not always black/white.
· Self-starter, organized, versatile, and capable of performing work with minimal management oversight.
· Ability to leverage strong critical thinking skills to present solutions, not problems
· Excellent time management skills and ability to juggle multiple, competing priorities.
· Operates with a sense of urgency and has a strong attention to detail.
· Capable of analyzing complex problem in order to provide strategic and tactical solutions.
· Ability to “connect the dots” for others across multiple data points, make connections upstream/downstream that may not be easily noticeable.
· Bachelors and/or Master’s degree
· CISSP, CRISC, CISA, CISM certification or similar.
· Prior operational risk, audit, compliance or information security experience.
· Detailed, bank specific risk management and governance experience.
· Capable of analyzing, simplifying and expressing complex problems.
· Ability to work with technical and non-technical business owners.
· Ability to develop strong working relationships with all levels of management.
· Assist with internal efficiencies projects and development.
ENTERPRISE ROLE OVERVIEW - Evaluates and supports the risk identification documentation, validation, assessment, and/or mitigation processes necessary to ensure that existing and new IT systems meet Enterprise information security requirements and risk appetite. Leverages knowledge of IT platforms, tools and concepts, such as network devices and topologies, servers and systems architectures. Leverages deep knowledge of information security frameworks (ex: NIST, COBIT, ISO), standards, policies, controls, tools, laws, rules, regulations, and/or coordinates efforts to mitigate/remediate information security risks. Works with internal and external stakeholders (ex: LOB delegates, SMEs, regulators). Develops, refines, implements, and/or governs Enterprise-wide information security policies, procedures, and standards, as well as industry-leading information security reporting, risk scoring, and governance for the Enterprise. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Typically has 3-5 years of relevant experience and will be an individual contributor.
Shift:1st shift (United States of America)
Hours Per Week:40
Learn more about this role