The IT Risk Analyst I will be responsible for guiding, identifying, and measuring informational and technical risks within FIB’s infrastructure or related third parties. This role will be responsible for performing test work to validate system and application security configurations meet industry and FIB architecture and security standards as well as establishing and leveraging risk metrics and dashboards to continuously assess and report on technical risk.
ESSENTIAL DUTIES & RESPONSIBILITIES include the following; other duties may be assigned.
- Research and evaluate proposed new technologies and platforms to ensure the appropriate technical security controls are specified in the requirements and are in alignment with the security reference architecture and security controls framework.
- Provide security consulting on projects to ensure solution is designed in accordance with security architecture and that security configurations are properly implemented.
- Perform technical security assessments against FIB’s existing infrastructure and products to ensure compliance with security architecture, policies, standards, procedures, and industry best practices.
- Monitor and mature the risk-based IT security metrics, scorecards, and dashboards to track cyber security performance and trends across the organization.
- Communicate deficiencies identified in technical system configurations.
- Assist business in identifying root cause and develop mitigation for deficiencies.
- Work with various groups during product upgrades or new product design to ensure security best practices are implemented.
- Perform technical reviews of third parties cyber and information risk.
- Research emerging technologies in support of security enhancement and development efforts.
EDUCATION and/or EXPERIENCE
- Bachelor’s degree in relevant field or related technical discipline or equivalent experience.
- 2 or more years of IT security audit, architecture, engineer, or risk monitoring.
- Knowledge of concepts and principles in information security functional areas such as cloud security, firewalls and security mediation services, identity and access management, industry standard security frameworks, security controls and compliance frameworks.
- Experience with methods used in performing risk analyses and assessments and measuring cybersecurity compliance.
- Experience maintaining and updating documentation necessary for supporting security environments, including policies, standards, patterns, and reference architectures.
- Strong oral, written, and interpersonal communication skills resulting in the ability to interface with managers and staff at all levels within the organization.
- CISSP, CISA, CRISC, CISRM, or other professional certifications/associations is a plus.
OTHER SKILLS & REQUIREMENTS
- Experience in working with compliance and regulatory program requirements.
- Remain up to date with emerging threats, best practices, and relevant frameworks, guidance, and legislation.
- Capable of managing varied assignments and working independently.
Ability to read, analyze, and interpret general business periodicals, professional journals, technical procedures, or governmental regulations. Ability to effectively present information and respond to questions from groups of managers, clients, customers, and the general public.
Ability to work with mathematical concepts such as probability and statistical inference, and fundamentals of plane and solid geometry and trigonometry. Ability to apply concepts such as fractions, percentages, ratios, and proportions to practical situations.
Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.
While performing the duties of this job, the employee is regularly required to walk and talk or hear. The employee frequently is required to stand and sit. The employee is occasionally required to use hands to finger, handle, or feel; reach with hands and arms; and stoop, kneel, crouch, or crawl. The employee must frequently lift and/or move up to 50 pounds. Specific vision abilities required by this job include close vision.
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
The noise level in the work environment is usually moderate.