It's fun to work at a company where people truly BELIEVE in what they're doing!
We're committed to bringing passion and customer focus to the business.
Recruiting agencies must have a valid, written and fully executed Master Service Agreement and Statement of Work for consideration.
Job Summary:
The IT Systems Risk Analyst is responsible for the identification, evaluation, and assessment of cybersecurity risks affecting United Fidelity Bank systems – including hardware, software, and networking system architectures – from threats and vulnerabilities to inefficient configurations and setups. The incumbent will work closely with other functional area subject matter experts (Enterprise Risk Management, Compliance, Audit, and Information Technology) to understand, develop, and maintain United Fidelity Bank’s internal systems risk areas.
Essential Job Functions include, but are not limited to:
- Works closely with the IT GRC Manager, IT department stakeholders, and leadership for all duties.
- Produces articles, case studies, blogs, white papers and presentations on the latest technology and cybersecurity incidents, threats, trends, and techniques for employee consumption.
- Leverages Threat & Vulnerability Intelligence Sources to identify and evaluate potential Cybersecurity Risks to the Bank.
- Conducts formal Risk Assessments using CIA / IL and other risk frameworks.
- Develops Cybersecurity Risk Controls and Mitigation Plans for IT Risks and evaluates their implementation and mapping objectives.
- Conducts comprehensive risk assessments for the Bank’s technology assets, including hardware, software, and networking assets within the Bank’s Source of Record.
- Reviews CIS Level I Configuration reports and analyses to assess risks and gaps associated with departmental configuration initiatives.
- Taps industry-accepted vulnerability databases, cross-referenced with the Bank’s systems and assets, to create priority plans for the most severe threats.
- Assists in reviewing, editing, and maintaining existing IT Risk documentation, controls, and mitigations, which can become outdated or factually inaccurate as new technologies emerge.
- Contributes to internal system and asset Business Impact Analysis (BIA) from an IT risk perspective.
- Measures risks against the Bank’s risk tolerance and reviews control expirations and compensations.
- Reviews JML (Joiner/Mover/Leaver) Control health in the Bank’s internal systems.
- Coordinates with Vendor Management concerning EULA Licensure of IT vendors.
- Classifies vital statistics and data sensitivity labeling for IT systems.
- Assists with BC/DR (Business Continuity/Disaster Recovery) testing and documentation.
- Works with auditors and regulators for annual and/or bi-annual risk reviews.
- Participates in Change Advisory as needed.
- Performs all duties in relation to the Bank Secrecy Act under the guidance of the BSA Officer.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. In accordance with the Americans with Disabilities Act, Reasonable Accommodations may be made to enable qualified individuals with disabilities to perform the essential functions.
Skills and Abilities Required to Perform Essential Job Functions:
- Demonstrable knowledge of analyzing threats and vulnerabilities for inherent and residual risk.
- Working knowledge of regulatory compliance frameworks, e.g., GLBA, FFIEC, or similar.
- Thorough understanding of technology frameworks, e.g., NIST CSF 2.0, CIS, COBIT or similar.
- Understanding of the contemporary information security threat landscape and how to protect against it via industry best-practice policies, standards, and written guidance.
- Knowledge of cybersecurity EDR tools, risk remediation, and governance processes.
- General knowledge of security systems, e.g., firewalls, IDS, WAF, NAC, and net communications.
- Understanding data loss prevention, threat protection, group policy, and anti-malware tools.
- Knowledge of cloud infrastructure, virtual platforms, encryption technologies, endpoint protection, network systems such as routers, load balancers, mail transport systems and cybersecurity.
- Clear and concise written and verbal communication skills.
- Analytical, multi-tasking, hypothetical modeling, and critical thinking skills.
- Experience working with cross-functional leaders and stakeholders to devise risk mitigation plans and implement cybersecurity risk controls before evaluating their effectiveness.
- Proficiency with Microsoft Office Suite (Excel, Outlook, PowerPoint, Teams, SharePoint, and Word).
Education, Experience and Qualifications:
- Bachelor’s degree in a compositional, technical, or security field, preferred.
- 4+ years’ work experience in systems administration, cybersecurity, GRC, or Risk.
- Experience in using risk management platforms such as Optro, AuditBoard, or Archer.
- Security (Sec+, CySA+, CISSP, CEH) or GRC (CRISC, CGRC) certification(s) preferred.
- Banking industry experience preferred.
Physical Requirements of Essential Job Functions:
The associate is frequently required to sit and/or stand, communicate, reach, and manipulate objects, tools or controls that are typical of an office/bank environment. Lifting items weighing up to 10 pounds on a consistent basis. Manual dexterity and coordination are required over 80% of the work period while operating equipment such as computers, phones, calculators, etc.
Working Conditions:
- Typical office environment.
- Extended viewing of computer screens.
- Periodic travel between locations may be required.
The above statements are intended to describe the general nature and level of work performed by associates assigned to this position. They are not intended to be an exhaustive list of all responsibilities, duties and skills required of the associate classified as such. Duties and responsibilities may be added or changed as deemed appropriate by management at any time; therefore, they could differ from those outlined above.
United Fidelity Bank is proud to be an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, status as a qualified individual with disability, sexual orientation, gender identity or any other characteristic protected by law.



