Sr. Business Risk Analyst - Modern Technologies. Tempe, Austin, Atlanta, Charlotte
The Sr. Business Risk Analyst - Modern Technologies will play a key role in the ongoing technology transformation journey of the Bank. This position will be responsible for the governance and operations of enterprise platforms with established security, compliance, risk and governance requirements of the Bank. This includes developing and operationalizing operating guardrails and devising ways to accelerate and automate compliance as well as establishing relationships with technology and business leadership.
Analyzing and streamlining existing processes and maximizing automation is a major responsibility for this role, and it includes developing and operationalizing programmatic guardrails in collaboration with owners and architects of established and emerging enterprise platforms. In this role you will interact directly with a cross-functional team of multiple stakeholders across the bank including leadership teams of enterprise Cloud, API and DevSecOps platforms as well as overall enterprise platform governance leadership.
Qualifications
Planning and execution of the fieldwork for internal and external audit exams
Security readiness assessment in compliance with FFIEC guidelines
Operationalize status meetings and share industry best practices and lessons learned
Scheduling walkthrough meetings, collection of evidence, follow up and sharing the audit findings with stakeholders
Quality Review of existing Risk Assessment Matrix to ensure compliance with regulation, internal policies and procedures.
Collaborative relationship with key stakeholders within the Bank’s first and second line of defense, IT Risk and Compliance teams to ensure key performance indicators (KPIs) and key risk indicators (KRIs) are developed and monitored for compliance and reporting.
Assess existing control frameworks and implementations within enterprise platforms against the security, risk and compliance requirements of the bank
Provide subject matter expertise to strengthen controls design and implementation effectiveness
Communicate platform control gaps and remediation plan to internal and external stakeholders
Implement processes for continuous compliance of enterprise technology platforms against control framework across people, process and technology
Partner with technical leadership and architects of enterprise platforms to continuously improve and maximize automation of the controls within the framework
Partner with product managers of enterprise platforms to ensure control gap remediations are incorporated into platform delivery roadmaps and prioritized
Engage with teams leveraging the platforms to ensure understanding of the risk mitigation provided by controls within the framework and what additionally is required by adopting teams
Develop metrics and reporting to provide visibility to leadership and stakeholders on maturity of overall compliance across enterprise platforms
Manage stakeholders and their expectations
Effectively communicate ideas and information with peers, management, and customers
Serve as a Change Agent and contribute to a culture of continuous compliance
Liaison with 1st, 2nd and 3rd Risk LOD
Liaison with Modern Platform owners and Application owners to ensure compliance
Skills
10+ years of overall industry experience, specifically around cybersecurity, IT risk management, IT audit or compliance
5+ years working experience with cloud platforms (AWS) and DevOps
Passion for achieving excellence in delivery, solving complex problems, and taking ownership
Expertise in IT operations and security control domains (including application security, change management, patch management, disaster recovery, data center operations, information security and networking)
Knowledge of, and experience with, financial services regulatory frameworks such as PCI, SOX, FFIEC, CIS20, GDPR, GLBA, CCPA
At least one of the following security certifications: CISSP, CISM, PCI-QSA certifications, or Certified ISO27001 Lead Implementer
Experience with enterprise IT management frameworks (e.g., COBIT, ITIL)
Excellent technical, analytical, problem solving, multitasking, and time management skills with consistent attention to detail
Ability to effectively learn, communicate and use new processes, concepts, tools, and methodology to support the needs of the business
Strong interpersonal skills, with the ability to work across functional lines and at many levels
Excellent presentation and communication skills (written and verbal). Ability to effectively communicate technical issues and solutions to all levels of business
Ability to effectively share technical information and train and mentor less experienced or knowledgeable team members