IT GRC Analyst IV

Information Technology

The Information Technology team supports almost every area of the Bank. Utilizing technology solutions to collect and interpret data for business strategies and providing infrastructure for all business operations. “Individuals who have growth aspirations for their career, will not find a better place. You want to be in a growing company that can support your growth. We provide that unique mix.” Click here to learn more about the IT team.

Position Summary

As part of the company's first line of defense, Information Technology Governance and Risk Management provides oversight of risk-mitigation activities. This role helps establish and maintain the IT department’s risk management program and provides oversight, including challenges to an independent assessment of, the first line’s execution of its risk management responsibilities.

The Bank manages risk according to the Bank’s Risk Management Framework and ensures all employees understand their individual accountability for managing risk. Risk management roles depend on a variety of skills, including Data analysis and synthesis, root cause analysis,ange management, process management & and execution, risk governance, risk strategy, risk identification & and assessment, risk prevention, controls & and mitigation, risk monitoring, reporting & escalation, risk systems & technology

This Compliance role, with a strong focus on Information Technology, will function as a senior member of the IT Governance Risk and Controls Team, responsible for developing, reengineering, and implementing a comprehensive IT Governance and Risk Management Program; designed to ensure that the IT department follows all appropriate banking laws and regulations. The ideal candidate will serve a senior role, ensuring ongoing technical risk assessments, process improvements, and strict regulatory compliance.

Essential Job Functions:

•         Supports the evaluation of all areas of IT to identify and remediate any audit issues, focusing on ensuring regulatory requirements are met, including technical standards, internal controls, and process improvement. E
•         Supports all first line (1LOD) risk management activities including first-line IT control evaluation.
•         Supports the coordination with the second line (2LOD) technology risk function in the preparation of IT Risk and Control Self Assessments (RCSA).
•         Support the preparation and maintenance of periodic IT risk assessments.
•         Maintains the corps of IT documentation (policy, standards, procedures), etc.
•         Maintains advanced knowledge of laws, regulations, and regulatory guidance (i.e., compliance) related to the bank's IT activities and services.
•         Responsible for providing guidance and oversight in all regulatory areas that IT must comply with.
•         Analyzes reports, guidance, and communications received from the Office of the Comptroller of Currency (OCC).          Maintains a strong working relationship with all departments throughout the bank.
•         Prepares periodic updates for Management regarding the results of IT governance and risk management.
•         Assists leadership with implementing procedures that address newly enacted regulations or procedural modifications necessitated by changes in regulations or identified compliance exceptions.
•         Supports and facilitates regulatory examinations and internal audits and ensures that departments take corrective action as identified in monitoring reviews by the Compliance Department and regulatory examinations.
•         Supports Compliance and other support group partners with the enterprise-wide enhancement of compliance structures due to new laws, regulations, Corporate and other requirements, and new products.
•         Stays abreast of new laws, regulations, and standards, and assesses their impact on the business.

Position Requirements:

•  At least 3 years of experience working with business leaders and enterprise projects.
•  Strong Technology, Project management, multitasking, and organizational skills.
•  Applicable and knowledgeable with national and global technology policies, regulations, and security frameworks.
•  Capable of working with diverse teams and promoting an enterprise-wide positive audit and compliance culture.
•  Adept at understanding business focus and processes and ability to inject technology into the business through teamwork and influence.
•  High level of integrity, trustworthiness, and confidence to represent the company and risk management leaders with the highest level of professionalism

Preferred:

• Bachelor's degree in Computer Science, Information Assurance, or related technical field or Business Administration. Experience can be utilized in lieu of a degree. At least 5+ years’ IT or cybersecurity experience (or IT coupled with cybersecurity), with at least 3+ years in an IT and/or Information Security compliance and audit operationally focused role (e.g., PCI DSS, SOX, SSAE18, GDPR, NIST, COBIT, etc.)