Principal Technology Risk Analyst/ Program Manager- Information Security
At Bank of the West, our people are having a positive impact on the world. We’re investing where we feel we can make the most impact, like advancing diversity and women entrepreneurship programs, financing for more small businesses, and promoting programs for sustainable energy. From our locations across the U.S., Bank of the West is taking action to help protect the planet, improve people’s lives, and strengthen communities. We are part of BNP Paribas, a global leader supporting the UN Sustainable Development Goals (SDGs). Yes, we’re a bank, but as the bank for a changing world, we are continually seeking to improve the ways we help our customers, while contributing to more sustainable and equitable growth.
Responsible for managing the day to day execution and coordination of the technology risk function within the ICT Risk program. Responsible for the part of the program which could include: reporting, testing, development of new tools and methodologies, program or project management, leading special projects, as well as program implementation as it applies to the business lines or the overall Bank.
- Within assignment has a broad range of independence, ensures the ICT Risk Program is working effectively to report on the LOB/support function's ICT risk posture and rein in excessive risks/risky activities.
Undertakes transversal & vertical assessments of exposures, identifying ICT risks, evaluating their potential impact and reviewing the strengths and weaknesses of existing controls.
Work with other risk functions to develop and implement controls that mitigate risks.
Once the controls are in place, continues to monitor control compliance and the prevalent risk environment recommending incremental recommendations for improvement to ensure that exposures are kept at acceptable levels.
Oversees the execution of the ICT risk management standards and procedures; developing ICT risk management analysis reports; developing approval procedures and guidelines on ICT risk limits by type of product and/or transaction (where appropriate); and in establishing management and administrative procedures to ensure adherence to policies.
Counsels business unit managers on ICT risk management issues.
May participate in evaluating new products, changes to the channels through which products are offered, and technology impact assessments for their impacts on the bank's or LOB’s ICT risk profile.
- Bachelor's Degree in IT, Security, Risk Management or related field
- Master's Degree in Risk Management or IT preferred
Practitioner’s experience (10 years minimum) in one of the following areas (Information Security or Cyber Security)
7 years leading information security risk assessment or risk management activities
Technology Skills (Required)
Extensive experience conducting technical risk assessments to identify ICT risks and designing mitigation controls in (at least 6) of the following areas
Application Development/SDLC (Agile & Waterfall)
Cloud& Virtualization Technologies (IaaS, PaaS, SaaS)
Networks and Network Security
Identity& Access Management
Threat& Vulnerability Management
Encryption Technologies & Key Management
Equal Employment Opportunity Policy
Bank of the West is an Equal Opportunity employer and proud to provide equal employment opportunity to all job seekers without regard to any status protected by applicable law. Bank of the West is also an Affirmative Action employer - Minority / Female / Disabled / Veteran.
Bank of the West will consider for employment qualified applicants with criminal histories pursuant to the San Francisco Fair Chance Ordinance subject to the requirements of all state and federal laws and regulations.