Company: Flagstar Bank

Address: Hicksville, NY
Form of work: Full-Time
Category: Information Technology

Job description

Position Title
ERM IT Risk Analyst Sr
Location
NYCB Plaza -102 (Hicksville, NY)
Job Summary
The ERM IT Risk Analyst, Sr. will assist in the implementation and execution of an effective risk-based program meant to identify, measure, assess, report, and monitor risk exposures related to Information Technology (IT), Cybersecurity, and Information Security (IS) through effective review and challenge of all Information Technology frameworks and deliverables. This role will support the ERM Strategic and Operational Risk Manager as well as interface with the Bank's lines of business (LOB) and their respective Business Process Owners (BPOs).
Pay Range: $105,900.00 - $160,238.00 - $203,100.00
Job Responsibilities:
ESSENTIAL FUNCTIONS
  • Supports the appropriate design, implementation, and/or execution of the risk management framework, e.g. risk identification, assessment, and effective second line challenge on processes across all aspects of IT and IS.
  • Responsible for specifying and sourcing applicable IT and IS operations' data, analyzing the information to identify the principal sources of risk, and providing management reporting to assist management and the Board in making better-informed IT/IS operational business decisions with a focus on forward-looking metrics.
  • Assesses IT and IS business risks and supports the ERM Strategic and Operational Risk Manager to ensure adequate detective and preventative controls are in place to mitigate risk.
  • Performs internal controls assessments of existing controls against established standards or emerging technologies to identify inherent risk and evaluate key mitigating controls.
  • Engages in root cause analysis and works with the appropriate groups to recommend controls and solutions when researching IT/IS related risk events, operational processes, and new regulatory initiatives.
  • Evaluates IT/IS risk assessments to determine design gaps in scope and control coverage.
  • Manages IT/IS risk events and risk action items to closure through normal incident management process.
  • Works with the LOB to develop relevant and measurable IT/IS key risk indicators (KRIs) and assesses periodically the adequacy/quality of IT/IS related KRIs.
  • Assesses the adequacy of related ERM IT and IS Risk - Control Self Assessments, e.g., risks, controls, risk scores, and integrates new or revised controls into existing Risk - Control Self Assessments.
  • Assesses sufficiency/completeness of IT/IS governance matters (e.g., policies/procedures) and evaluates any risks observed.
  • Weighs business needs against risk concerns and articulates issues and options to management.
  • Assists in ensuring accurate data capture of activities and IT and IS risks in support of risk reporting for all levels of management.
  • Actively participates in a robust review and challenges the LOB processes relative to their IT/IS Risk - Control Self Assessments and overall performance.
  • Provides feedback on IT/IS operational risks associated with the offering of new products and/or services and business initiatives.
  • Maintains awareness of, and tracks, IT/IS regulatory environment, industry relevant IT/IS standards, e.g. NIST, GLBA, FFIEC, as well as IT/IS technologies and concepts, on an ongoing basis.
  • Works to further develop the awareness and training on IT/IS operational risk across the corporation.
  • Measures, monitors and reports on IT/IS operational risk for different functions in the various operations of the Bank by analyzing IT/IS key risk indicators and other metrics.
  • Develops and maintains an understanding of the IT/IS portfolio of risks across the front to back office through the life cycle. Provides identification and delivery of risk mitigation solutions to the BPOs and partners with operations' areas.
  • Works with the operation lines to promote acceptance of the IT/IS risk framework and further embed a culture of operational risk identification and mitigation.
  • Demonstrates a continual improvement to the control environment and instigates behavioral change.
  • Produces value-added risk identification and reporting which impacts senior management decision making.
  • Develops key initiatives related to improving IT/IS controls, implementing new IT/IS regulations, or project management work involving the advancement of the IT and IS risk framework build.
  • Participates in and facilitates periodic reporting.
  • Keeps current on IT/IS technologies and regulatory and industry trends.

ADDITIONAL COMMENTS
  • Performs special projects, and additional duties and responsibilities as required.
  • Where applicable and when performing the responsibilities of the job, employees are accountable to maintain Sarbanes-Oxley compliance and adhere to internal control policies and procedures.

EDUCATION AND EXPERIENCE
  • Bachelor's degree in computer science, MIS, or related field, or equivalent certifications or equivalent work experience.
  • 4+ years' experience in IT Audit, preferable.
  • 4-5+ years' relevant industry experience in IT or IS risk management, internal controls or regulatory environment.
  • Big 4 or CCAR bank experience, preferable.
  • Professional certifications -- CRISC, CISSP, preferable.
  • Experienced with IT/IS architecture.
  • Experience with RSA GRC Archer Platform.

KNOWLEDGE, SKILLS AND ABILITIES
  • Strong interpersonal skills / excellent collaboration skills with a wide variety of internal team members.
  • Strong analytical, problem-solving and negotiation skills.
  • Strong team player.
  • Strong oral and written communication skills.
  • Strong organizational and prioritizing skills.
  • Personal initiative and attention to detail.
  • Computer literate with proficiency in word processing, spreadsheet and database applications.
  • Ability to influence business partners in addressing control issues and business practices; ability to lead without direct authority.
  • Ability to handle a variety of projects simultaneously.
  • Ability to handle confidential information in a mature and professional manner.
  • Ability to work with concepts and work independently.
  • Ability to ask the right questions without having extensive knowledge in a particular business area.
  • Ability to work in a fast-paced, deadline-oriented, and dynamic environment.
Refer code: 7698583. Flagstar Bank - The previous day - 2024-01-05 09:17
