International Bank is seeking an Information Security Analyst (ISA) who will perform duties related to 3rd Party Risk Management, and Operational Risk Management. This position will assist the CISO to manage and maintain the 3rd Party Riks Managment Program and will act a backup to perform Information Security duties.
- 3rd Party Risk Management
- Assist in the development and maintenance of the 3rd Party Risk Management Procedure
- Manage and maintain the 3rd Party processes including but not limited to regulatory expectations, risk assessments, gap analysis and process
- Conduct periodic evaluations and assessments of 3rd Party vendors including the on-boarding and off boarding
- Maintain and conduct periodic 3rd party awareness training to key
- Prepare key metrics for Management and Committee reporting.
- Assist in preparing audit materials as requested by the Internal Audit
2. Operational Risk and Regulatory Reporting
- Enhance the Branch’s operational risk management
- Review RCSA of each group of the Branch upon changes and make challenges including annual review which involves analysis and aggregation of the RCSA
- Responsible for tracking record of Operational Risk Reporting in the Branch so that the Branch can monitor and analyze the operational risk incidents as well as confirm the preventive
- Engage in identifying, measuring, reviewing, aggregating monitoring, or controlling operational risks within the risk appetite for US operations independently from the business
- Report the Branch’s operational risk management to Branch senior management, IT & Operational Risk Committee, Branch Oversight Committee and US Risk Committee (the “USRC”) to review
- Help USCRO to oversee the activities of CRM who serve as the risk management function for the Branch and determine key risk indicators to be monitored on a regular basis and to ensure that the Branch’s business activities are performed within the US risk
- Produce a monthly report that summarize the status of operational risk incidents and commentary that includes the result of quarterly RCSA checking to senior management on a monthly
3. Information Security
- Act as a secondary/back-up to perform Information Security tasks, reviews and user administration.
Requirements
- Bachelor’s degree in Information Security, Computer Science or related field
- Knowledge of 3rd Party Risk
- Knowledge/experience of Operational Risk
- Knowledge of Windows, Windows servers including active Directory and AS400
- Knowledge of security tools such as Anti-Virus, Vulnerability Scanner and SIEM
- In-depth understanding of Information Security Administration.
- Professional Security certification not required but a
- Knowledge of information security related topics such as FFIEC, NYDFS Part500, ISO 270XX,