Sr. Business Risk Analyst - Modern Technologies. Tempe, Austin, Atlanta, Charlotte
The Sr. Business Risk Analyst - Modern Technologies will play a key role in the ongoing technology transformation journey of the Bank. This position will be responsible for the governance and operations of enterprise platforms with established security, compliance, risk and governance requirements of the Bank. This includes developing and operationalization operating guardrails and devising ways to accelerate and automate compliance as well as establishing relationships with technology and business leadership.
Analyzing and streamlining existing processes and maximizing automation is a major responsibility for this role, and it includes developing and operationalizing programmatic guardrails in collaboration with owners and architects of established and emerging enterprise platforms. In this role you will interact directly with a cross-functional team of multiple stakeholders across the bank including leadership teams of enterprise Cloud, API and DevSecOps platforms as well as overall enterprise platform governance leadership.
Qualifications
- Planning, execution of the fieldwork, for internal and external audit exams
- Security readiness assessment in compliance with FFIEC guidelines
- Operationalize status meeting and shared industry best practices and lessons learned
- Scheduling walkthrough meetings, collection of evidence, follow up and sharing the audit findings with stakeholders
- Quality Review of existing Risk Assessment Matrix to ensure compliance with regulation, internal policies and procedures.
- Collaborative relationship with key stakeholders within the Bank’s first and second line of defense, IT Risk and Compliance teams to ensure key performance indicators (KPI’s) and key risk indicators (KRI’s) are developed and monitored for compliance and reporting.
- Assess existing control frameworks and implementations within enterprise platforms against the security, risk and compliance requirements of the bank
- Provide subject matter expertise to strength controls design and implementation effectiveness
- Communicate platform control gaps and remediation plan to internal and external stakeholders
- Implement processes for continuous compliance of enterprise technology platforms against control framework across people, process and technology
- Partner with technical leadership and architects of enterprise platforms to continuously improve and maximize automation of the controls within the framework
- Partner with product managers of enterprise platforms to ensure control gap remediations are incorporated into platform delivery roadmaps and prioritized
- Engage with teams leveraging the platforms to ensure understanding of the risk mitigation provided by controls within the framework and what additionally is required by adopting teams
- Develop metrics and reporting to provide visibility to leadership and stakeholders on maturity of overall compliance across enterprise platforms
- Manage stakeholders and their expectations
- Effectively communicate ideas and information with peers, management, and customers - Serve as a Change Agent and contribute to a culture of continuous compliance
- Liaison with 1st, 2nd and 3rd Risk LOD - Liaison with Modern Platform owners and Application owners to ensure compliance
Skills
- 10+ years of overall industry experience, specifically around cybersecurity, IT risk management, IT audit or compliance
- 5+ years working experience with cloud platforms (AWS) and DevOps
- Passion for achieving excellence in delivery, solving complex problems, and taking ownership
- Expertise in IT operations and security control domains (including application security, change management, patch management, disaster recovery, data center operations, information security and networking)
- Knowledge of, and experience with, financial services regulatory frameworks such as PCI, SOX, FFIEC, CIS20, GDPR, GLBA, CCPA - At least one of the following security certifications: CISSP, CISM, PCI-QSA certifications, or Certified ISO27001 Lead Implementer
- Experience with enterprise IT management frameworks (e.g., COBIT, ITIL)
- Excellent technical, analytical, problem solving, multitasking, and time management skills with consistent attention to detail
- Ability to effectively learn, communicate and use new processes, concepts, tools, and methodology to support the needs of the business
- Strong interpersonal skills, with the ability to work across functional lines and at many levels
- Excellent presentation (written and verbal) communication skills. Ability to effectively communicate technical issues and solutions to all levels of business
- Ability to effectively share technical information and train and mentor less experienced or knowledgeable team members