The Information Security Risk Analyst will support the Information Security risk management process within the Company. The primary responsibilities of the position are to assess adequacy of security and business continuity/disaster recovery controls, evaluate threats and vulnerabilities and calculate the level of current and residual risk and communicate these risks to business units and management.
The ideal candidate will be a self-starter and have an inquisitive, analytical mind that constantly looks for solutions to difficult problems. The analyst must have the ability to convey complicated technology and security concepts to management and ideally has technical knowledge and/or experience in security, networking, systems administration, database administration, architecture or another technical domain. Alternatively, proficiency in a risk management framework and conducting risk assessments in a regulated environment is desired.
The Information Security Risk Analyst needs excellent verbal and written communication skills with the ability to understand business requirements. To succeed in this position, they must be able to develop risk management strategies that align with business goals and operations and protect the confidentiality, integrity and availability of information systems and our data.
RESPONSIBILITIES AND DUTIES:
Continuously identify, assess, measure and monitor information technology risk by performing independent hands-on risk assessments. Includes both in house systems and vendor based solutions covering Information Security, Business Continuity and compliance risk.
Identify and communicate recommended security and business continuity controls and control deficiencies for business units. Document and monitor the implementation of controls for technology and business project plans.
Review vendor contracts for compliance with Bank security, business continuity and disaster recovery requirements and recommend appropriate language as necessary
Develop an overall risk management strategy for new or existing services with key business stakeholders.
Maintain broad knowledge of best practices and trends in the field of Information Security and Business Continuity.
Perform duties & responsibilities specific to department functions & activities.
Performs other duties & responsibilities as required or assigned by supervisor
Responsibilities include the following: 1) adhering to and complying with all applicable, federal and state laws, regulations and guidance, including those related to Anti-Money Laundering (i.e. Bank Secrecy Act, USA PATRIOT Act, etc.), 2) adhering to Bank policies and procedures, 3) completing required training, 4) identifying and reporting potential suspicious activity to the BSA/AML Officer, and 5) knowing and verifying the identity of any customer(s) that enters into a relationship with the Bank.
Critical features of this job are described under the items above. They may be subject to change at any time due to reasonable accommodation or other reasons. This job description reflects management’s assignment of essential functions; it does not prescribe or restrict the tasks that may be assigned. Nothing in this job description restricts management’s right to assign or reassign duties and responsibilities to this job at any time.
SKILLS, KNOWLEDGE AND ABILITIES:
Minimum 4 year college degree required.
Knowledge and/or experience with LANs, WAN, VPNs, Routers, firewalls, and IDS/IPS systems desired.
Relevant information security certifications (e.g., CISSP, CISA, CISM, CRISC, or GIAC) preferred or the ability to gain a certification within 6 months of hire.
3 years of security, information technology or technology risk management related work experience.
Strong communication & organizational skills, ability to multi-task, strong attention to details, excellent problem solving and follow-up skills required.
Work independently, make decisions and multi-task effectively in a very diverse, project oriented environment.
Ability to complete high quality deliverables.
Provides extraordinary service
Furthers the First Republic Bank culture and values
The ability to learn and comprehend basic instructions; understand the meanings of words and respond effectively; and perform basic arithmetic accurately and quickly.
Vision must be sufficient to read data reports, manuals and computer screens.
Hearing must be sufficient to understand a conversation at a normal volume, including telephone calls and in person.
Speech must be coherent to clearly convey or exchange information, including the giving and receiving of assignments and/or directions.
Position involves sitting most of the time, but may involvewalking or standing for brief periods of time.