Risk Management Analyst, Sr
What sets Bank of the West apart from other banks is our team members–they embody the optimistic spirit of the West. There is a spirit here that drives us to do more. Our team of more than 10,000 employees is vital to the success of our Bank. They reflect our modern western values-straightforward, entrepreneurial and optimistic. We seek to create a corporate culture that fosters and rewards excellence, encourages creative thinking and respects diversity – an environment where team members are engaged, supportive of one another and enthusiastic about serving our customers. Bank of the West offers the stability of a company that has a 135 year history and is part of BNP Paribas, a European leader in global banking and financial services and one of the 6 strongest banks in the world. We offer opportunities across our diverse business lines – Retail Banking, Commercial Banking, and Wealth Management.
Bank of the West seeks a Senior Risk Management Analyst responsible for performing risk management analysis of the Bank’s essential Third Party Service Providers primarily through onsite reviews and inspection of Third Party Service Providers Data Centers, Corporate Offices and Corporate Policies, External Audit Reports, and evidence of Information Security, Physical Security, Business Resiliency and overall effectiveness of Operational Controls. Individual will also be responsible for coordinating, developing, managing, and maintaining Corporate Security reports and supporting documents presented to Senior Management and Board-level Committees. In addition to coordinating with subject matter experts to develop report contents, manages the review cycles, and serves as the liaison with Committee Coordinators to ensure timely submission of the Committee Reports.
Individual will also be responsible for managing a team who controls workflow activities and meets deadlines; maintaining, organizing, and gathering information; and mentor, coach, and manage junior Risk Management team members assigned to projects. This individual collaborates with management and business partners to identify key messages and objectives of the report.
· Identify and document risk to Information Security, Physical Security, Business Resiliency and overall effectiveness of Operational Controls within the Bank through completion of Third Party Service Providers security assessments.
o Lead on-site security assessments at selected third party locations.
o Review external audit reports, vulnerability and penetration test results, Business Resiliency Plans, etc.
o Interview IT personal and key staff responsible for configuration management, compliance, Incident Response, access control, and other critical functions of Information Security, Physical Security and Business Resiliency.
o Formally document assessment for visibility within the organization and tracking purposes.
· Responsible for coordinating, developing, managing, and maintaining Corporate Security reports and supporting documents presented to Senior Management and Board-level Committees.
· Work very closely with Third Party Program Office and Contract Administration to provide Corporate Security Risk Assessment support for security vendor assessments.
o Perform security assessments of vendors according to risk.
o Coordinate with Security Engineering/Architecture to determine mitigating controls or other recommendations on an as-needed basis.
o Identify, then assist the Bank’s Third Party Program Office, as required, to track remediation of vulnerabilities or other security risks.
Plans and maintains the schedule and workflow for multiple reports and administrative tasks, while overseeing all submission timelines. Works directly with subject matter experts to produce, contribute, review, or approve the results.· Manages projects and teams to support requested initiatives or other projects.
· Serves as liason and leads communication between business units, department leaders, executive leaders, and committees to ensure proper approvals and submission of reports and supporting documents.
· Improve security processes through the identification and assessment of emerging third party management risks, corporate and regulatory standards, and comparison of the Corporate Security’s vendor risk assessment program capabilities to industry standards.
· Demonstrates expertise in identifying IT risks, Physical Security risks, and Business Resiliency risks and implementing risk mitigating procedures using standard risk management guidelines including HIPAA, HITECH, PCI, COSO, COBIT, NIST, ITIL and various other control frameworks.
· Strong Program/Project Management skills with proven ability to facilitate communications, motivate team members, and manage stakeholder expectations.
· Strong ability to partner with various business and technology groups to identify, develop and execute project requirements.
· Research industry trends and best practices as noted through organizations such as PCI-DSS, NIST and ISO.
Domestic and International travel is required and a valid passport is needed. Ability to travel on short notice if required.
An ideal candidate is highly motivated with excellent communication skills, excellent leadership skills, and keen focus on details. This person will be a results-driven, senior professional with strong background in IT Risk & Security, Governance, Physical Security, Business Resiliency, Compliance, and Change Management. The Senior Risk Management Analyst collaborates with management and business partners to identify risks within our Third Party Service Providers to enhance the security controls and protect Bank of the West data.
Technology risk or security certification such as CISSP, CISM, CISA, CRISC or equivalent certification is required.
7+ years of experience in Risk Management, Information Security, IT Audit, Physical Security, or Business Resiliency (aka BCP/DR), especially working within a professional organization, preferably as Tier 2 system support or other IT area with exposure to system configuration and application hardening. Applicants should have a diverse knowledge of supporting enterprise applications and systems such as Windows environments and Active Directory.
Field of Experience:
· Expert ability to exercise sound judgment regarding assessment findings and make effective recommendations to management.
o Ability to work effectively on multiple projects within a team structure.
o Ability to meet time sensitive deadlines.
o Ability to work and achieve goals without constant supervision.
· Excellent management and control of work flow to produce deliverables within required timeframes and quality standards.
· Excellent knowledge of Microsoft Office tools.
· Excellent verbal and written communication skills. Superb inter-personal and partnering skills to facilitate effective working relationships.
· Excellent understanding of financial industry, risk management, and/or corporate security.
· Ability to problem solve and make swift, sound judgements.
· Ability to adjust to rapidly changing security environment and prioritize deliverables.
· Ability to condense information and transform technical data into easily understandable concepts.
· Experience mentoring team members and educating others on security assessments practices.
· Excellent knowledge in various information security areas, such as: Identity and Access Management, Threat and Vulnerability Management, Information Risk and Governance, IT Architecture, Monitoring, Incident Response and Security Strategy, or Physical Security or Business Resiliency.
· Solid knowledge of security controls for the handling of Personally Identifiable Information (PII) data
· Experience with the following assessment frameworks/standards:
o ISO/27000 Series
o BITS SIG/SAS-70/SSAE-16
o COBIT/SOX IT Control Testing
· Solid knowledge of regulations and security compliance requirements affecting financial institutions (FFIEC)
· Training in Risk Management or IT Audit Methodology strongly desired