Lead IT Risk & Control

at  City National Bank

SKILLS AND KNOWLEDGE

• Demonstrated experience analyzing complex cyber security data sets within subject area specialtyDemonstrated knowledge of cyber security landscape
• 
  
• threats, trends, technologies

• Demonstrated knowledge of financial regulation and control frameworks applicable to cyber security or IT risk
• Excellent communication and interpersonal skills. Including a strong ability to create positive and professional business relationships with internal clients.
• Strong commitment to working as a team and providing excellent customer service.
• Exposure to banking or equivalent highly controlled technology environment is preferred
• Masters’ degree in business, computer science or related field preferred
• Security certifications (CISSP, GSEC, etc.) are highly desired.
• Demonstrated experience with Industry or subject specific analysis or assessment frameworks is highly desired (FAIR, NIST CSF, etc.)
• Experience in banking/financial industry is strongly preferred
• Formalized training in cyber security analysis or assessment techniques

COMPENSATION

Starting base salary: $111,408 - $189,738 per year. Exact compensation may vary based on skills, experience, and location. This job is eligible for bonus and/or commissions.

• To be considered for this position you must meet at least these basic qualifications

The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.

• “Define analysis objectives, collect data from internal and external sources, and evaluate/analyze data to provide objective information on cyber risks for IT and business management with both summary and detailed reporting
• Assess risk within subject specialty area to evaluate the design and effectiveness of security controls
• Provide insight and guidance to IT software and hardware upgrades and other projects to ensure production environments meet and exceed minimum security standards and will effectively counter cyber threats
• Partner with external partners, vendors, law enforcement, and intelligence community as applicable to fulfill reporting and information sharing requirements, and collecting information required for comprehensive risk analysis and assessment
• Work collaboratively with all Lines of Defense, coordinate and proactively identify, manage and monitor IT Risk.
• Act as Subject Matter Expert for the activities performed to manage IT Risk
• Execute IT Risk Assessment (e.g. Risk Control Self Assessments) to identify and quantify the risks and their associated controls.
• Execute GLBA, NYDFS, SWIFT and Fedline Compliance Assessment
• Identify and Define Key Performance Indicators (KPIs) metrics and Key Risk Indicators (KRIs) to monitor all risks and ratings to Controls to measure the performance on the control operation.
• Create new and maintain process and procedural documentation for various risk analysis and risk assessment activities; Highlight industry-based methodologies, techniques or standards (FAIR, NIST, FFIEC, etc.) used as the basis for analysis efforts
• Publish routine, accurate risk analysis and assessment reports as defined by organizational risk policies and procedures to applicable audiences for each subject area discipline
• Participate in other security support projects and duties as needed or requested”
• The role supports T&I in the creation of analytics & reporting to enhance senior management’s ability to anticipate and manage risks effectively.
• Manage the development and execution of first line risk management reporting including setting direction, goals and management awareness of risk and controls.
• Develop and execute on end-to-end change management of processes to gather and analyze relevant information.
• Leads the development and execution of processes to support the delivery of Risk Management reporting including the support of audience stakeholder groups.
• Lead analysis and documentation of information to support risk drivers & metrics.