Join our Talent Network
Skip to main content

Security & Compliance Analyst II

Location: Las Vegas, NV, United States
Date Posted:

Share:
Save Job Saved

Description

 

Position Summary 

The Information Security Governance and Risk Analyst is responsible for assessing and the [IT/Dev] department’s governance, compliance, and risk posture as they relate to its information security and information technology assets. This position provides highly skilled administrative, [security/technology/development] expertise for the development and implementation of information [technology/development] governance, risk, and compliance programs. Responsibilities require leadership and project management experience, as well as the ability to ensure effective system-wide analysis, standards, testing; risk assessment; awareness, education; and development of policies, standards, and guidelines.

Essential Job Functions:

  • Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to information security program governance, risk assessments, compliance activities, and decisions regarding risk, metrics, and program improvements.
  • Operate with a high degree of independence with regard to project management activities, including the development of project plans
  • Perform other duties as assigned to ensure the smooth functioning of the department and maintain the reputation of the organization as a viable business partner.
  • Contribute to the development and implementation of the [Information Technology/Software Development] risk management function of the technology risk program to ensure information security risks are identified, managed, and monitored.
  • Internally assess, evaluate, and make recommendations to management regarding the adequacy of the (security and technical) risk controls for the Bank’s information and technology systems.
  • Contribute to the system-wide information security governance and compliance program, ensuring Information Technology, Development & Information Security activities, processes, and procedures meet defined requirements, policies, and regulations.
  • Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with regulatory expectations and relevant legislation.
  • Execute strategy for dealing with increasing number of audits, compliance checks and external assessment processes for internal/external auditors.
  • Familiarity with Information Technology, Development, Information Security, and Industry compliance frameworks such as FFIEC, PCI DSS, NIST CSF, Center for Internet Security, Agile, etc.
  • Communicates with all levels of staff including Information Technology, and Development, management and staff, developers and other technical staff, general counsel, auditors, and technology vendors and contractors,
  • Work with Internal Audit, State and Federal regulators as appropriate on required technology & security assessments, audits, and examinations.
  • Coordinate, track, and execute on all information technology and information security related audits and examinations including scope of audits, timelines, auditing agencies and outcomes.
  • Work with auditors and regulators as appropriate to keep audit focus in scope, maintain excellent relationships with audit and regulatory entities and provide a consistent perspective on the bank’s governance, risk, and compliance efforts.
  • Provide guidance, evaluation, and advocacy on audit responses.
  • Must be able to assess computer hardware, software, and systems for security risks (or violations) and work with Information Technology, Information Security, consultants, and bank vendors to recommend solutions.
  • Develop strategies to address awareness and training for all stakeholders Must be able to assess the status of complex multi-location projects as well as identify and implement appropriate corrective measures to resolve issues as they arise.
  • Must have a strong customer service orientation and the ability to project that attitude to other teams.
  • Collaborate with bank Business Continuity department on Technology & Information Security business continuity planning, disaster recovery planning, and testing.

Position Requirements:

  • Bachelor’s degree in computer science, information technology, software development, or another related field
  • A self-starter, able to work under general supervision.  Comfortable working with inter-related infrastructure, software development, and information security risk and compliance issues
  • Two to five years of [information technology/development] experience including information security technology skills and expertise
  • Knowledge of information technology and/or software development risk management frameworks and compliance practices
  • Knowledge of information technology, software development, and information security controls
  • Ability to develop security policies, standards, and guidelines based on best practices and industry frameworks.
  • Two to five years participating in information technology, software development, or information security projects.
  • Excellent interpersonal, communication, and presentation skills, including formal report writing experience.
  • Understanding of common security standards and regulations relating to a financial services environment such as FFIEC, PCI DSS, NIST, CSA, Center for Internet Security (CIS), MITRE ATT@CK., ISO 27000, Agile, etc.
  • Two to five years participating in information technology, software development, or information security audits and examinations.
  • Knowledge of financial service industry legal and regulatory requirements

Preferred:

  • Familiarity with security auditing and the financial regulatory examination process (Federal Reserve Bank, Federal Deposit Insurance Corporation, Office of the Comptroller of the Currency, FFIEC, etc.)
  • Information security governance, risk, and/or compliance experience in financial services or federal/state/local government including documenting risk and compliance activities.
  • Experience participating in information technology, software development, or information security audits and/or risk assessments.
  • Experience producing key metrics, information visualization, and reports.

 

Credit One Bank, N.A. is a data-driven financial services company based in Las Vegas. Founded in 1984, Credit One Bank offers a spectrum of credit card products for people in all stages of financial life. Credit One Bank is an equal opportunity employer committed to diversity and inclusion and does not discriminate against any employee or applicant for employment because of age, race, religion, color, disability, sex, sexual orientation, or national origin. Reasonable accommodations can be made for those who require them, including access to job applications and workplace accommodations. Employment at Credit One Bank is based on mutual consent (also known as at-will). This means that employees and the Bank may terminate the employment relationship at any time, with or without cause and with or without notice. Please contact the recruiter for this position to learn more. Credit One Bank does not accept unsolicited resumes from agencies and is not responsible for related fees.     

Share: