Description
Position Summary
As part of the company's first line function, Information Technology Governance, Risk and Compliance functions as a first-line risk management role providing assessment, oversight, and control mitigation activities essential to IT. This role helps establish and maintain the IT department’s risk management program and provides oversight, including analysis, testing, and effective challenge to process owners responsible for first-line IT functions. The position also prepares and maintains independent assessment of, and supporting evidence of, the first line’s execution of its risk management control functions and responsibilities.
The Bank manages risk according to the Bank’s Risk Management Framework and ensures all employees understand their individual responsibility for managing risk and demonstrate compliance. IT Risk management roles depend on a variety of skills, including information processing systems; networking and security systems; architecture, infrastructure, and cloud operations; software development and project management; configuration, change and release management; vulnerability, patching and incident management; service, support, and departmental resource governance; and issue management and remediation, among others. In addition to the technical disciplines described previously, the role involves and requires knowledge of, and experience with, data analysis and synthesis, root cause analysis, change management, process management and execution, risk governance, risk strategy, risk identification and assessment, risk prevention, controls and mitigation, risk monitoring, risk reporting and escalation, risk systems and technology, and evidence collection and documentation.
This IT Governance, Risk and Compliance Analyst role will function as an essential member of the IT Governance Risk and Controls Team, responsible for planning, researching, developing, and performing comprehensive IT risk assessments and control testing to measure, document and ensure the IT department adheres to all appropriate policies, procedures, standards, laws, and banking regulations.
Essential Job Functions:
- Researches, scopes, prepares, and performs assessments including but not limited to, GTAG / ITGC; SOX (303 / 404); COBIT; NIST (CSF, 800-53), GLBA; GDPR, CCPA, CCPR; PCI DSS; various OCC / FFIEC-related (InTREx, TPRM, BCM/DR, AIO, etc.); RCSA; and others as necessary.
- Researches, performs, and documents control testing evaluations.
- Conducts assessment interviews, workshops, walkthrough evaluations, documents control descriptions, documents process narratives, prepares data flow diagrams, maintains inventories of risks, assets, controls, evaluations, supporting evidence, etc.
- Establishes tests of design and test of control effectiveness, collects data (log files, system configurations, parameters / attributes, etc.), conducts analysis, reviews evidence artifacts, etc.
- Develops test plans commensurate with industry frameworks and best practice standards.
- Researches and maintains current knowledge of relevant industry standards and frameworks; banking industry regulations; technology and security standards; and privacy and confidentiality laws and regulations.
- Updates relevant risk assessments, control objectives, and related test steps to ensure they remain current.
- Maintains timely and up-to-date knowledge of information systems and technology, and compliance-related continuing professional education.
- Contributes to the advancement of the IT department's culture of risk awareness and maturity.
- Maintains various IT documentation (policy, standards, procedures), etc.
- Maintains advanced knowledge of laws, regulations, and regulatory guidance (i.e., compliance) related to the bank's IT activities and services.
- Responsible for providing guidance and oversight in all regulatory areas that IT must comply with.
- Analyzes reports, guidance, and communications received from the Office of the Comptroller of the Currency (OCC).
- Maintains a strong working relationship with all departments throughout the bank.
- Prepares periodic updates for Management regarding the results of IT governance and risk management.
- Assists leadership with implementing procedures that address newly enacted regulations or procedural modifications necessitated by changes in regulations or identified compliance exceptions.
- Supports and facilitates regulatory examinations and internal audits and ensures that departments take necessary corrective action as identified in monitoring reviews by the Compliance Department and regulatory examinations.
- Supports Compliance and other support group partners with the enterprise-wide enhancement of compliance structures due to new laws, regulations, Corporate and other requirements, and new products.
- Stays abreast of new laws, regulations, and standards, and assesses their impact.
Position Requirements:
- Strong IT, networking, infrastructure, database, project management, multitasking, and organizational skills.
- At least 3 years of experience working with business leaders and enterprise projects.
- Knowledgeable about applicable national and global technology policies, regulations, and security frameworks.
- Capable of working with diverse teams and promoting a positive enterprise-wide audit and compliance culture.
- Adept at understanding business functions and processes, and able to influence the adoption of technology control management in the business through teamwork and persuasion.
- High level of integrity, trustworthiness, and confidence to represent the company and risk management leaders with the highest level of professionalism.
Preferred:
- Bachelor’s degree in Computer Science, Information Technology, Information Assurance, or related technical field or Business Administration. Experience and relevant technical certifications can be substituted in lieu of a degree.
- At least seven (7) years’ IT systems, networking, applications, database, or IT-process experience (governance, asset, change, vulnerability, patch, project management, etc.), with at least three (3) years in a hands-on IT systems or network management role; or an IT audit or IT risk management oversight function in an operationally focused role (e.g., PCI DSS, SOX, SSAE18, GDPR, NIST, COBIT, etc.).
- Prior experience working in the financial services sector; prior experience working in support of internal and external audits and regulatory examinations.
Credit One Bank, N.A. is a data-driven financial services company based in Las Vegas. Founded in 1984, Credit One Bank offers a spectrum of credit card products for people in all stages of financial life. Credit One Bank is an equal opportunity employer committed to diversity and inclusion and does not discriminate against any employee or applicant for employment because of age, race, religion, color, disability, sex, sexual orientation, or national origin. Reasonable accommodations can be made for those who require them, including access to job applications and workplace accommodations. Employment at Credit One Bank is based on mutual consent (also known as at-will). This means that employees and the Bank may terminate the employment relationship at any time, with or without cause and with or without notice. Please contact the recruiter for this position to learn more. Credit One Bank does not accept unsolicited resumes from agencies and is not responsible for related fees.