Description
As the ETS Risk Principal Analyst in Technology and Cyber Risk, you will be responsible for identifying, assessing, and mitigating risks associated with technology and cybersecurity within the banking sector. Your role is crucial in ensuring the organization’s resilience against cyber threats and maintaining robust risk management practices.
Key Responsibilities
Risk Identification and Assessment:
Conduct comprehensive risk assessments for technology and cybersecurity initiatives.
Identify emerging threats and vulnerabilities in the IT landscape.
Develop and maintain a risk register for tracking and managing identified risks.
Risk Mitigation and Control:
Implement risk mitigation strategies and controls to address identified risks.
Collaborate with IT and security teams to ensure effective deployment of security measures.
Monitor the effectiveness of risk controls and make necessary adjustments.
Governance and Compliance:
Ensure compliance with regulatory requirements and industry standards.
Develop and enforce technology and cybersecurity policies and procedures.
Support and cooperate with the 2nd and 3rd LODs in audits and reviews to ensure adherence to governance frameworks.
Incident Management:
Support activities related to risk in cybersecurity incidents and breaches.
Review and assess post-incident analysis to identify risks associated with incidents.
Reporting and Communication:
Prepare and present risk reports to senior management and the board.
Establish and maintain an effective business relationship with business partners, key project stakeholders, Second Line of Defense and subject matter experts to advise and support the Technology Services Risk Leadership Team.
Communicate risk management strategies and updates to relevant stakeholders.
Foster a risk-aware culture within the organization through training and awareness programs.
Innovation and Continuous Improvement:
Stay updated on the latest trends and advancements in technology and cybersecurity.
Identify opportunities for innovation in risk management practices.
Continuously improve risk management processes and tools.
Actively support automation in the testing process.
Awareness of Tools and Resources
Risk Management Frameworks: CRI, NIST, ISO 27000 family
Security Tools: Vulnerability scanners, SIEM (Security Information and Event Management) systems, endpoint protection solutions.
Compliance Tools: GRC (Governance, Risk, and Compliance) platforms, audit management software.
Incident Response Tools: Incident management platforms, forensic analysis tools.
Best Practices
Regularly update risk assessments to reflect the evolving threat landscape.
Foster collaboration between IT, security, and business units to ensure comprehensive risk management.
Promote a culture of continuous improvement and innovation in risk management practices.
Engage in ongoing professional development to stay current with industry trends and best practices.
Qualifications
7+ years of experience in Information Technology, Information Security, Data Management, IT Service Management and Operations and/or IT Resilience
7+ years of Audit or Risk Management experience gained from working in the financial services industry, preferably in Technology or Information Security.
Strong business writing skills
Ability to effectively communicate with all levels of the organization
Project management skills to support multiple complex assignments
Strong influencing and negotiating skills
Proficient use of Microsoft Office Suite
Platform Specific Skills:
Technical knowledge of various platforms (e.g. Cloud, Microsoft, Unix, Middleware, APPs)
Writing, Project Mgt, GRC Skills
Education:
Bachelor’s degree or equivalent experience required
Certifications Preferred:
Certified Information Systems Auditor (CISA)
Certified in Risk and Information Systems Control (CRISC)
AWS / Azure Cloud Certifications
Certified Information Security Manager (CISM)
Certified Information Systems Security Professional (CISSP)
Hours and Work Schedule: 3 days in the office, 2 remote
Hours per Week: 40
Work Schedule: 8:00am to 5:00pm, Monday through Friday
Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.
Equal Employment Opportunity
At Citizens, we are committed to fostering an inclusive culture that enables colleagues to bring their best selves to work every day. Employment decisions are based solely on experience, performance, and ability. Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression (including transgender individuals who are transitioning, have transitioned, or are perceived to be transitioning to the gender with which they identify), genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws.
Equal Employment and Opportunity Employer
Citizens is a brand name of Citizens Bank, N.A. and each of its respective affiliates.
Why Work for Us
At Citizens, you'll find a customer-centric culture built around helping our customers and giving back to our local communities. When you join our team, you are part of a supportive and collaborative workforce, with access to training and tools to accelerate your potential and maximize your career growth.
Background Check
Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.
12/31/2024