IT Security Risk and Compliance Analyst - Banking
Job Description
IT Security Risk and Compliance Analyst
Bank of the Orient is an independent Asian Community Bank that has proudly served the financial needs of multiple Bay Area communities for over 54 years, as well as the Sugar Land, Texas area. We are well known for our commitment to providing the highest level of personal service to our customers: we take a personal interest in our communities' unique banking needs, we are dedicated to providing integrity in banking and financial services, and we provide high-quality, dependable service by being accessible and reliable. We are committed to excellence in everything we do.
We have an opening for an IT Security Risk and Compliance Analyst. Under the direction of the Chief Operating Officer, this position is responsible for the deployment, monitoring, maintenance, and enhancement of the bank's various security and risk management related programs and will work as part of the IT team to implement and support a secure enterprise environment. The role will cross security and risk management disciplines, which include but are not limited to: Information Security, Security Incident Response, Business Continuity and Disaster Recovery, Vendor Risk Management and Project Management. The analyst will also assist and serve as backup to the bank's network security administrator role when there are business needs.
ESSENTIAL DUTIES:
1. Support the maintenance and improvement of the bank's Information Security, Risk and Compliance programs and their supporting technologies to effectively address information technology and vendor risks in alignment with the organization's risk appetite and ensure regulatory compliance.
2. Perform risk analysis and partner with stakeholders to create treatment plans that achieve an acceptable level of risk.
3. Develop and analyze reports and alerts to identify control gaps and propose changes to improve the bank's security, risk and compliance posture.
4. Document and monitor the implementation of controls for technology and business project plans.
5. Lead and coordinate incident response activities for all IT security incidents, conduct root cause analysis, and document lessons learned reviews to ensure continuous process improvement.
6. Conduct and manage the delivery of information security awareness training for employees, contractors, board members, and other third parties as appropriate, and facilitate/promote activities to foster an information privacy and security awareness culture within the bank.
7. Maintain current knowledge of applicable federal and state privacy and security laws and accreditation standards, and monitor advancements in information privacy and security technologies to ensure organizational adaptation and compliance.
8. Support the maintenance of the Bank's vendor management lifecycle phases, from on-boarding through periodic monitoring and risk assessments to termination.
9. Collaborate with business owners and other internal stakeholders to ensure vendor risks are properly identified and controls are in place to mitigate risk and minimize financial, regulatory, and reputational exposure. Effectively communicate and collaborate with business owners and support their third party strategic initiatives.
10. Liaise with cross-functional Subject Matter Experts and/or stakeholders to ensure vendor engagements are compliant with bank policies and regulatory guidance.
11. Perform periodic reviews of network user and group access and business applications.
12. Be responsible for, and/or serve as backup for, the operation and monitoring of the Enterprise Output Manager system. This includes transferring files to third party applications and/or vendors and ensuring all daily, weekly and monthly report jobs have completed successfully.
13. Be responsible for report administration within the IT delivery and support and security system. This includes writing reports and providing support to business end users and management.
14. Utilize business applications/tools to perform duties including updating and sharing policy and procedure documentation with stakeholders.
15. Participate in and coordinate with vendors on network application administration. This includes performing application upgrades and providing support for end users.
16. Consistently demonstrate quality customer service principles with internal and external customers.
17. Prepare presentations and reports for executive and Board level review and perform other duties and special projects as assigned.
REQUIREMENTS:
1. Bachelor's degree in information technology or related major and 4+ years equivalent work experience.
2. Knowledge and experience with client/server applications, WAN topology and design.
3. Experience with databases and report query tools is preferred.
4. Knowledge of and work experience with industry information security and GRC tools is preferred.
5. Knowledge of IP concepts and of Microsoft and Linux operating systems is required.
6. Must be able to understand and execute instructions in English accurately and efficiently, verbally and in writing.
7. Ability to effectively work with all areas of the Bank and outside vendors.
8. Good troubleshooting, analytical, and organization skills with attention to detail.
9. Knowledge of commonly used concepts, practices, and procedures within the regulated financial services industry.
10. Requires the ability to build on the training and experience received and to extrapolate the knowledge gained in the past to understand and solve new problems.
11. Requires the ability to work well under limited direct supervision.
12. Familiarity with various peripheral devices such as printers, routers, switches and other equipment found in an IT environment.
Bilingual a plus.
The candidate will be subject to investigation through credit checks, reference checks, background checks and fingerprinting checks performed at the time permissible under relevant law.
Email resume to: Career@bankorient.com
Visit our website at: www.bankorient.com for additional information.
Bank of the Orient is proud to be an Affirmative Action, Equal Opportunity Employer.