Technology Risk Advisor

Type: Contract | Location: Cincinnati, Ohio
1195 - Technology Risk Advisor


TECHNICAL SKILLS
Must Have

Ability to communicate ideas both verbally and in writing to management, business and IT sponsors, and technical resources in language that is appropriate for each group
Ability to conduct risk assessments to evaluate the effectiveness of existing controls and determine the impact of proposed changes to business processes, applications and systems
Ability to develop and maintain Information Security standards, procedures, and guidelines
Ability to prioritize multiple tasks
Ability to work independently, as well as in a team environment.
Ability to work well with a team to coordinate activities
Risk Assessment
Technology and/or Risk foundational knowledge or experience
Nice To Have

Ability to conduct research on Information Security industry trends, developments, technology and capabilities, and make recommendations to the IS/IT teams to improve IS products and services

JOB SUMMARY
Technology Risk Advisor
JOB DESCRIPTION




Supports the execution of risk management programs for Information Technology and Information Security. Maintains a balance between increased efficiency and appropriate risk mitigation and controls for the Line of Business (LOB)/function in alignment with Risk Management vision and strategy and the LOB strategic plan. The Technology and Information Security Analyst provides oversight and credible challenge to LOB/functions and escalates concerns, as appropriate, in support of the Bank's Risk Management Framework.
This position is responsible for providing oversight and challenge to technology and information security activities. This position is responsible for hands-on execution of control/risk assessments and the development of control enhancement recommendations.

Responsible and accountable for risk by openly exchanging ideas and opinions, elevating concerns, and personally following policies and procedures as defined. Accountable for always doing the right thing for customers and colleagues, and ensures that actions and behaviors drive a positive customer experience. While operating within the Bank's risk appetite, achieves results by consistently identifying, assessing, managing, monitoring, and reporting risks of all types.

This position is responsible for providing oversight and challenge to information technology activities. This position is responsible for hands-on execution of control/risk assessments and the development of control enhancement recommendations. Responsible and accountable for risk by openly exchanging ideas and opinions, elevating concerns, and personally following policies and procedures as defined.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

Supports the Information Security Extended Security Program team in the execution of responsibilities to conduct risk assessments, assist with self-assessment programs, perform technical research on information security and risk topics, and other activities that support information security risk management goals.
Understands operational risk program elements (e.g., IT/CSRM, RCSA, BCRA, KRI) methodology, governance, standards, and procedures, including templates and overall framework.
Understands the organizational structure and primary objectives of the LOBs supported.
General understanding of key data privacy regulations (e.g., GLBA, PCI DSS, CCPA, GDPR).
Ensure the operational risk appetite is understood by the business.
Partner with LOB for risk issue identification, escalation, and resolution. Oversee the identification and documentation of operational processes, risks, and controls.
Serve as resource and provide guidance to the LOB on risk management issues.
Provide oversight of LOB risk program activities including, but not limited to, key risk indicators, risk control assessments, business change risk assessment, policy/guideline reviews, and third-party risk support.
Performs periodic reviews of LOB procedures and provides guidance for new processes.
SUPERVISORY RESPONSIBILITIES: None

MINIMUM KNOWLEDGE, SKILLS AND ABILITIES REQUIRED

3 years of information technology experience required. Desired experience should include a foundation in IT security and controls. While experience in a number of IT disciplines may provide a solid framework for this position, hands-on results from performing IT risk assessments, information security consulting or IT audits are most beneficial.
Relevant technical or professional certification, such as CISM, CRISC, CISA or CISSP, is a plus.
Expertise in technology and security frameworks such as NIST, COBIT and ITIL is strongly desired.
Bachelor's degree required, preferably in computer science or information systems.
A clear understanding of the Bank's approach to the management of operational risk, or equivalent experience gained in other organizations, is preferred.
Professional verbal and written communication skills and the ability to communicate with discretion and understanding when confidentiality is required.
Must demonstrate intellectual curiosity, be analytical and possess the ability to interpret and apply policies and regulations across one or more complex businesses.
A general understanding of banking regulations is a plus.
Must be results and goal oriented, possess sound judgment and ability to apply logical/critical thought processes when approaching work or making recommendations for solutions.
Ability to work in a dynamic work environment that requires multiple demands, shifting priorities, and rapid change.
Must be able to maintain independence and objectivity in all aspects of position.
Working knowledge of Microsoft Office products. Demonstrated ability to learn applications and internal banking systems.
 
