Risk Management Analyst II
What sets Bank of the West apart from other banks is our team members - they embody the optimistic spirit of the West. There is a spirit here that drives us to do more. Our team of more than 10,000 employees is vital to the success of our Bank. They reflect our modern western values - straightforward, entrepreneurial and optimistic. We seek to create a corporate culture that fosters and rewards excellence, encourages creative thinking and respects diversity - an environment where team members are engaged, supportive of one another and enthusiastic about serving our customers. Bank of the West offers the stability of a company that has a 135-year history and is part of BNP Paribas, a European leader in global banking and financial services and one of the 6 strongest banks in the world. We offer opportunities across our diverse business lines - Retail Banking, Commercial Banking, and Wealth Management.
Bank of the West seeks a Risk Management Analyst II responsible for performing risk management analysis of the Bank’s essential Third Party Service Providers, primarily through desk reviews and inspection of Third Party Service Providers’ Corporate Policies, External Audit Reports, and evidence of Information Security, Physical Security, Business Resiliency and overall effectiveness of Operational Controls. The individual will also be responsible for coordinating, developing, managing, and controlling workflow activities and deadlines; maintaining, organizing, and gathering information; and coaching peers on assigned tasks.
An ideal candidate is highly motivated with good communication skills, strong leadership skills, and keen focus on details. The Risk Management Analyst II collaborates with management and business partners to identify risks within our Third Party Service Providers to enhance the security controls and protect Bank of the West data.
· Identify and document risk to Information Security, Physical Security, Business Resiliency and overall effectiveness of Operational Controls within the Bank through completion of Third Party Service Providers security assessments.
o Desk reviews and inspection of security assessments for Third Party Service Providers
o Review external audit reports, vulnerability and penetration test results, Business Resiliency Plans, etc.
o Interview IT personnel and key staff responsible for configuration management, compliance, Incident Response, access control, and other critical functions of Information Security, Physical Security and Business Resiliency.
o Formally document assessment for visibility within the organization and tracking purposes.
· Work with Third Party Program Office and Contract Administration to provide Corporate Security Risk Assessment support for security vendor assessments.
· Assist Senior Risk Management Analysts and other staff with reports and projects.
· Assist Senior Risk Management Analysts with communication between business units, department leaders, executive leaders, and committees to ensure proper approvals and submission of reports and supporting documents.
· Ensure all reports, supporting documents, and/or presentations are completed accurately using the correct templates/style guides and completed within required timeframes.
· Manage projects to support requested initiatives or other projects.
· Assist in identifying security processes through the identification and assessment of emerging third party management risks, corporate and regulatory standards, and comparison of the Corporate Security’s vendor risk assessment program capabilities.
Bachelor's degree or equivalent combination of education and experience
Certification in related field
· Physical Security Professional (PSP), or Certified Business Continuity Professional (CBCP)
Field of Experience
5+ years of experience in Risk Management, Information Security, IT Audit, Physical Security, or Business Resiliency.
o Ability to meet time sensitive deadlines.
o Ability to work and achieve goals without constant supervision.
· Strong management and control of work flows to produce deliverables within required timeframes and quality standards.
· Strong knowledge of Microsoft Office tools.
· Strong verbal and written communication skills. Great interpersonal and partnering skills to facilitate effective working relationships.
· Solid understanding of the financial industry, risk management, and/or corporate security.
· Ability to problem solve and swiftly escalate issues to senior staff when needed.
· Ability to adjust to a rapidly changing security environment and prioritize deliverables.
· Ability to condense information and transform technical data into easily understandable concepts.
· Solid knowledge in various information security areas, such as: Identity and Access Management, Threat and Vulnerability Management, Information Risk and Governance, IT Architecture, Monitoring, Incident Response and Security Strategy, or Physical Security or Business Resiliency.
· Basic knowledge of security controls for the handling of Personally Identifiable Information (PII) data
· Familiarity with the following assessment frameworks/standards:
o ISO/27000 Series
o BITS SIG/SAS-70/SSAE-16
o COBIT/SOX IT Control Testing
· Basic knowledge of regulations and security compliance requirements affecting financial institutions (FFIEC)