Summary: The Technology Risk Analyst supports the Enterprise Technology Risk Management function in the design, formation, implementation, and execution of the Bank’s Technology Risk Management governance framework. The ideal candidate must have a strong background in technology risk management, specifically with experience in working on risk registers, conducting enterprise technology risk assessments, and handling ISO 27001/2 certification processes. This role requires a detail-oriented individual with excellent analytical and communication skills, capable of identifying, assessing, and mitigating technology-related risks to ensure the security and compliance of the Bank.
Job Responsibilities:
- Technology Risk Assessments
  - Regularly conduct comprehensive enterprise technology risk assessments to identify potential threats, vulnerabilities, and organizational impacts.
  - Develop, maintain, and update the organization’s risk register, ensuring all technology-related risks are accurately documented and monitored. Collaborate with various departments to gather and analyze data so that all risk assessments are thorough and reflective of the current technology landscape.
- Continuous Improvement and Compliance
  - Develop and maintain policies, procedures, and controls in accordance with ISO 27001/2 standards to ensure continuous compliance.
  - Monitor and review the effectiveness of the implemented risk management framework and propose improvements as necessary.
  - Maintain current knowledge of advances in enterprise technology risk management, data analysis, data security, and regulatory standards. Recommend improvements when appropriate.
  - Act as a risk champion across the Bank. Conduct training and awareness programs for staff to promote a culture of risk awareness and compliance within the organization.
  - Ensure Bank data assets are safeguarded by ensuring cybersecurity procedures and regulatory guidelines are documented, followed, tested, and remediated when appropriate. Stay current with emerging technology risks, trends, and regulatory changes to ensure the organization’s risk management practices remain effective and up-to-date.
- Controls
  - Evaluate the control environment by ensuring appropriate controls are in place.
  - Develop control structures where required to ensure effective technology management.
  - Provide regular reports and updates to senior management on the status of the risk management program and compliance with ISO 27001/2 standards.
  - Act as a liaison between the organization and external auditors or regulatory bodies during audits or assessments related to technology risk and ISO 27001/2 certification.
- Reporting
  - Work closely with other members of the Enterprise Technology Risk Management Team to help develop metrics (KRI/KPI) reporting as it relates to Technology Risk Management adherence throughout the Bank.
- Other Responsibilities
  - Perform other job-related duties as assigned.
Job Requirements:
- Bachelor’s Degree in Information Technology, Computer Science, Risk Management, or a related field.
- Minimum of 5 years of experience in technology risk management, with a focus on risk registers and enterprise technology risk assessments.
- Proven experience with ISO 27001/2 certification processes, including maintaining and updating certification requirements.
- Experience implementing or supporting the implementation of the ISO 27001/2 standard.
- Strong knowledge of risk management frameworks and methodologies.
- Excellent analytical, problem-solving, decision-making, and time management skills.
- Strong interpersonal, written, and verbal communication skills.
- Ability to collaborate effectively with various stakeholders.
- Professional certifications such as CRISC, CISA, CISSP, or ISO 27001 Lead Implementer/Auditor are highly desirable.
- Familiarity with regulatory requirements and industry best practices related to technology risk and information security.
Columbia Bank and its affiliates is an Equal Opportunity Employer.