Description
As the ETS Risk Principal Analyst in Technology and Cyber Risk, you will be responsible for identifying, assessing, and mitigating risks associated with technology and cybersecurity within the banking sector. Your role is crucial in ensuring the organization’s resilience against cyber threats and maintaining robust risk management practices.
Key Responsibilities
Risk Identification and Assessment:
Conduct comprehensive risk assessments for technology and cybersecurity initiatives.
Identify emerging threats and vulnerabilities in the IT landscape.
Develop and maintain a risk register for tracking and managing identified risks.
Risk Mitigation and Control:
Implement risk mitigation strategies and controls to address identified risks.
Collaborate with IT and security teams to ensure effective deployment of security measures.
Monitor the effectiveness of risk controls and make necessary adjustments.
Governance and Compliance:
Ensure compliance with regulatory requirements and industry standards.
Develop and enforce technology and cybersecurity policies and procedures.
Support and cooperate with 2nd and 3rd LODs in audits and reviews to ensure adherence to governance frameworks.
Incident Management:
Support risk-related activities in cybersecurity incidents and breaches.
Review and assess post-incident analysis to identify risks associated with incidents.
Reporting and Communication:
Prepare and present risk reports to senior management and the board.
Establish and maintain an effective business relationship with business partners, key project stakeholders, Second Line of Defense and subject matter experts to advise and support the Technology Services Risk Leadership Team.
Communicate risk management strategies and updates to relevant stakeholders.
Foster a risk-aware culture within the organization through training and awareness programs.
Innovation and Continuous Improvement:
Stay updated on the latest trends and advancements in technology and cybersecurity.
Identify opportunities for innovation in risk management practices.
Continuously improve risk management processes and tools.
Actively support automation in the testing process.
Awareness with Tools and Resources
Risk Management Frameworks: CRI, NIST, ISO 27000 family.
Security Tools: Vulnerability scanners, SIEM (Security Information and Event Management) systems, endpoint protection solutions.
Compliance Tools: GRC (Governance, Risk, and Compliance) platforms, audit management software.
Incident Response Tools: Incident management platforms, forensic analysis tools.
Best Practices
Regularly update risk assessments to reflect the evolving threat landscape.
Foster collaboration between IT, security, and business units to ensure comprehensive risk management.
Promote a culture of continuous improvement and innovation in risk management practices.
Engage in ongoing professional development to stay current with industry trends and best practices.
Qualifications
7+ years of experience in Information Technology, Information Security, Data Management, IT Service Management and Operations and/or IT Resilience
7+ years of Audit or Risk Management experience gained from working in financial services industry, preferably in Technology or Information Security.
Strong business writing skills
Ability to effectively communicate with all levels of the organization
Project management skills to support multiple complex assignments
Strong influencing and negotiating skills
Proficient use of Microsoft Office Suite
Platform Specific Skills:
Technical knowledge of various platforms (e.g. Cloud, Microsoft, Unix, Middleware, APPs)
Writing, Project Mgt, GRC Skills
Education:
Bachelor’s degree or equivalent experience required
Certifications Preferred:
Certified Information Systems Auditor (CISA)
Certified in Risk and Information Systems Control (CRISC)
AWS / Azure Cloud Certifications
Certified Information Security Manager (CISM)
Certified Information Systems Security Professional (CISSP)
Hours and Work Schedule: 3 days in the office, 2 remote
Hours per Week: 40
Work Schedule: 8:00am to 5:00pm
Monday through Friday
Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.
Equal Employment Opportunity
At Citizens, we are committed to fostering an inclusive culture that enables colleagues to bring their best selves to work every day. Employment decisions are based solely on experience, performance, and ability. Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression (including transgender individuals who are transitioning, have transitioned, or are perceived to be transitioning to the gender with which they identify), genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws.
Equal Employment and Opportunity Employer
Citizens is a brand name of Citizens Bank, N.A. and each of its respective affiliates.