Location: San Antonio, TX 78217
Post Date: 05/01/2023
Cyber Risk Analyst
The Cyber Risk Analyst is responsible for supporting the administration of the bank’s Information/Cyber Security Program, Vendor Management Program, and Enterprise Risk Program. This position will support various risk assessment processes throughout the Bank to include cyber, information, regulatory (Gramm-Leach-Bliley Act [GLBA]/Federal Deposit Insurance Corporation [FDIC]/Federal Financial Institutions Examination Council [FFIEC]), application security and vendor risk management. The Cyber Risk Analyst is responsible for supporting the development, modification, and enforcement of the Bank’s Information/Cyber Security with a focus on Application Security, Vendor Management and Enterprise Risk Management Policies and Procedures to ensure the Bank is providing adequate protection over information assets and is following all regulatory requirements.
DUTIES & RESPONSIBILITIES:
- Support maintaining, monitoring, and enforcing information/cyber security policies, procedures, and standards as they relate to application security, vendor and risk management.
- Support and maintain the Vendor Management and Risk Management Systems.
- Support the maintenance and administration of the Vendor Management Program.
- Support the maintenance and administration of the Information/Cyber Security Risk Assessment Program (GLBA/FFIEC Risk Management).
- Ensure compliance with established vendor and risk management policies, procedures, and standards through an ongoing monitoring process.
- Support the review of banking applications to ensure adequate security controls are in place per established policies, procedures, and standards.
- Assist in performing periodic risk assessments for various Bank functions and applications such as online banking, ATM/Debit Cards, Wire Transfers, Lending, and IT Support activities.
- Ensure that information/cyber risk is adequately identified, assessed and monitored through the development and implementation stages of any new technology or service.
- Assess and mitigate cyber, information and vendor risk exposures through the identification of key and emerging risks and evaluate alignment within defined risk strategy and appetite.
- Ensure that adequate security controls are in place and operating effectively to protect the confidentiality, integrity, and protection of systems/network, computers, data, software and hardware.
- Communicate results of risk assessments to various committees, business process owners and management.
- Responsibilities may require off-site attendance at seminars or meetings with consultants, professional or community groups.
- This job description is not intended to be all-inclusive, and the employee will also perform other reasonably related business duties as assigned by the immediate supervisor and other management as required. Also, these duties and responsibilities will change as business conditions and technology mandate such change.
Minimum of 3 full-time years of previous job-related work experience in Information Security, Application Security, or Risk Management.
Excellent writing and communication skills.
Experience working for a financial institution.
Understanding of GLBA compliance and other FDIC/FFIEC Regulations
Knowledge of banking systems, applications, products/services, and departmental functions
Knowledge and experience in GLBA, Vendor and IT/Cyber Risk Assessments
Knowledge and experience in FFIEC Cybersecurity Assessment Tool
Bachelor’s Degree in Risk Management, Information / Cyber Security or related field
Currently hold one of the following credentials: CISSP, CRISC