Senior Information Security Risk Analyst

July 2, 2024

AgFirst’s Senior Information Security Risk Analyst identifies, investigates, analyzes, and recommends information security guidance to ensure that bank assets and processes maintain confidentiality, integrity, and availability, assessed against all applicable regulations, industry standards, and bank policies, directives, and standards. The Senior Analyst performs comprehensive information security risk assessments that evaluate inherent risk, plan controls and safeguards, and ensure that residual risk is aligned with risk appetite. The Senior Analyst evaluates technology and business projects and business requirements, and recommends security controls to ensure effective information security and compliance with enterprise standards. The Senior Analyst communicates information security risk issues and control gaps through the governance, risk, and compliance function. If this opportunity is of interest to you, apply today!

What you’ll do

Foster a culture of collaboration and responsible information security risk management through the definition of, and adherence to, appropriate risk appetites, control frameworks, policies, and directives.
Serve as an IS Governance, Risk, and Compliance expert for business line projects and participate in the development, implementation, and maintenance of information security for the bank.
Assist with enterprise information security risk deliverables and collaborate with risk partners on information security priorities.
Perform information security risk assessments; decompose complex risk issues, build business line consensus on risk level and risk response (including acceptance and mitigation of risks), and establish and communicate residual risk levels.
Identify and evaluate complex technology risks, the internal controls that mitigate those risks, and related opportunities for internal control improvement.
Monitor information security trends internal and external to the bank and keep business lines informed about information security-related issues.

What you’ll need

A degree in Information Assurance, Information Systems, Risk Management, Auditing, Computer Science, or a related field, or the equivalent in education and work experience.
Minimum of 8 years of experience in the information security field, with at least three years in information security risk management or operational risk, developing and executing information security risk assessments using industry-standard approaches, methodologies, and frameworks (NIST, Financial Services Regulations).
CISSP, CISM, CISA, CRISC, or equivalent industry-recognized certification preferred.
A strong application development or application security background, with solid knowledge of the SDLC from design, testing, and deployment to post-production, and of the different risk elements associated with each step.
Expert knowledge of and demonstrable experience in application security, vulnerability testing, and development of risk appetite, as well as significant experience evaluating cyber security controls.
Strong awareness of and experience with industry risk analysis approaches (ISO, COBIT, COSO) as well as industry regulations and standards (SOX, GLBA, FFIEC, OCC, HIPAA, PCI DSS, NIST, OWASP).