Technology Risk and Controls Analyst

ABOUT CB SHARED SERVICES, INC.

CB Shared Services, Inc. (CBSSI) is a privately owned shared services company that provides information technology services for eight affiliated Minnesota community banks and their branch locations. CBSSI’s strategic intent is to provide strategy, enterprise architecture, regulatory compliance, and technology operations across all banking systems for each of the affiliate banks. Customer experience, thought leadership, collaboration, fiduciary responsibilities, and security as a mindset are how we deliver quality products and services to our customers.

OVERVIEW

As the Technology Risk and Control Analyst (TRC Analyst), you will play an integral role in developing and implementing security policies, standards, procedures, and guidelines in alignment with the organization’s overall risk management strategy. This highly visible and critical work will include conducting risk assessments and audits to identify vulnerabilities and potential threats to the organization's information systems, networks, and data plus more. You will lead the charge on regular monitoring and reporting of compliance which is based on the organization’s established policies and procedures, as well as ensuring that all stakeholders are aware of potential risks and compliance requirements. A hands-on and detail oriented TRC Analyst will also oversees the implementation of security controls and technologies to protect the organization's information assets, including data encryption, access controls, and intrusion detection and prevention systems; all while collaborating with internal and external stakeholders to develop incident response plans and procedures to ensure timely and effective response to security incidents.

KEY RESPONSIBILITIES

• Responsible for developing and implementing information security policies, standards, procedures, and guidelines in alignment with the organization's overall risk management strategy.
• Identifying common threats, vulnerabilities, and exploits with equivalent understanding of mitigating controls and response techniques or processes.
• Oversees the implementation of security controls and technologies to protect the organization's information assets, including data encryption, access controls, and intrusion detection and prevention systems.
• Report existing or potential security issues and incidents to the System Owner and escalate as needed to key stakeholders.
• Perform notification for any suspected security incidents in a timely manner and assist in the investigation of incidents if necessary.
• Performing risk assessments prior to the implementation of system changes to determine impacts to the security controls established for the system.
• Ensuring that all IT security documentation (e.g. System Security Plan, Information System Contingency Plan, and Configuration Management Plan) is properly developed, maintained, approved, updated and compliant with security program requirements.
• Stay updated with industry best practices, regulatory requirements, and emerging trends in information security, especially cybersecurity and banking regulation, and propose enhancements to the bank's information security practices and methodologies.
• Assist in tracking and monitoring security findings, ensuring that remediation activities are promptly addressed and providing periodic updates on the status of remediation efforts.
• Maintain an organized and comprehensive database of security documentation, including control matrices, test scripts, and supporting evidence.

• Assist with vendor management and contract review processes.

JOB REQUIREMENTS

Education:

Experience:

• Knowledge of NIST Cybersecurity Framework (preferred), CIS Controls, FFIEC, SOC2 Framework, and COBIT
• Proven experience (5+ years) in information security within the financial technology industry or a similar domain.
• Experience in conducting control testing, documenting results, and maintaining supporting evidence.
• A proficient understanding of banking systems and industry regulations is highly desirable.
• Experience within Fiserv’s core banking platform.

Knowledge/Skills/Abilities:

• High level of curiosity in understanding the underlying business and the security threats we want to solve using technology.
• Strong negotiation, management, and decision-making skills
• Excellent analytical, problem-solving, and organizational skills
• Solid understanding of IT controls, risk management principles, and information security best practices.
• Understanding of security threat landscape and tools and processes to prevent, detect and respond to these threats.
• Strong analytical and problem-solving skills with a keen eye for detail.
• High ethical standards and the ability to handle confidential information with integrity and professionalism.

*We are unable to sponsor or take over sponsorship of an employment Visa at this time.