We are looking for

Senior Cybersecurity Risk Exception Analyst

Apply REF: 063371

At Bank of the West, our people are having a positive impact on the world. We’re investing where we feel we can make the most impact, like advancing diversity and women entrepreneurship programs, financing for more small businesses, and promoting programs for sustainable energy. From our locations across the U.S., Bank of the West is taking action to help protect the planet, improve people’s lives, and strengthen communities. We are part of BNP Paribas, a global leader supporting the UN Sustainable Development Goals (SDGs). Yes, we’re a bank, but as the bank for a changing world, we are continually seeking to improve the ways we help our customers, while contributing to more sustainable and equitable growth.

To protect the health and safety of our employees and customers, Bank of the West requires all U.S. employees to provide proof of their vaccination status. Employees who are not fully vaccinated must undergo regular testing beginning May, 2022.

Job Description Summary

This position is responsible for supporting the Bank’s risk exception program for Information Technology and Security business units ensuring the Bank has accurately and completely recorded it’s IS, Business Continuity and IT controls gaps to provide an accurate view of the Bank’s risk posture to senior leadership. 

Essential Job Functions

  • Partner with appropriate stakeholders across the Bank to document deviations from Information Technology, Information Security, and business continuity expectations as defined in Policies, Standards and Frameworks
  • Ensures all relevant aspect of the risk exceptions are documented in detail to support the inherent and residual risk determination.
  • Ensure the risk exceptions are approved by the appropriate individuals based on the nature and severity of the risk.
  • Develops and maintains reporting on the status of the program for senior leadership and appropriate oversight committees.
  • Ensures work effort dependencies, assumptions, risks and issues are defined, documented and communicated to the appropriate lead and/ stakeholder.


Required Experience

  • Bachelor's Degree Business, Computer Science, Information Assurance, Management Information Systems or related field

Work Experience

  • 7 years in Risk Management, Information Security, IT Audit, or related field.
  • Prior experience in IT and IS Risk Management process for a large firm or bank highly desired.


  • CISA, CISM, CRISC or CISSP certification(s) required
  • MITRE Attack Framework experience a plus
  • Strong written and verbal communication skills for report writing, business


Working Location Statement

This position has the option to work in one of our key hubs (San Ramon, CA, Tempe, AZ, Omaha, NE) or to work remotely as long as it is in within our 27 state working footprint which includes AZ, CA, CO, FL, GA, ID, IA, IL, KS, MI, MN, MO, NE, NV, NM, NC, ND, OH, OK, OR, SD, TX, UT, WA, WI, WY, NY.

Equal Employment Opportunity Policy

Bank of the West is an Equal Opportunity employer and proud to provide equal employment opportunity to all job seekers without regard to any status protected by applicable law. Bank of the West is also an Affirmative Action employer - Minority / Female / Disabled / Veteran.

Bank of the West will consider for employment qualified applicants with criminal histories pursuant to the San Francisco Fair Chance Ordinance subject to the requirements of all state and federal laws and regulations.
Primary Location: United States-Nebraska-General NEJob Type: Full-timeJob: Risk Management Reference: 063371