Advanced IT Risk Analyst

Wintrust is a financial holding company with approximately $50 billion assets under management and traded on the NASDAQ:WTFC. Built on the "HAVE IT ALL" model, Wintrust offers sophisticated technology and resources of a large bank while focusing on providing service-based community banking to each and every customer. Wintrust operates fifteen community bank subsidiaries with over 170 banking locations in the greater Chicago and southern Wisconsin market areas. Additionally, Wintrust operates various non-bank business units including commercial and life insurance premium financing, short-term accounts receivable financing, out-sourced administrative services, mortgage origination and purchase, wealth management services and qualified intermediary services for tax-deferred exchanges.
Position Summary
This position is responsible for assisting and supporting the IT risk and audit practices within Information Technology. Under the direction of leadership, this position coordinates and performs Information Technology risk and control self-assessment functions, as well as control-testing reporting and activities, in adherence with Wintrust's policies and procedures. While operating within Wintrust's risk appetite, the position will achieve results by assisting in identifying, assessing, managing, monitoring, and reporting on risks for Information Technology.
Key Accountabilities

• Responsible for hands-on execution of control testing/risk assessments and the development of control enhancement recommendations. Performs engagement efforts with IT stakeholders and conducts discovery activities for evaluation and design of new controls. Updates and maintains control matrices and spreadsheets and provides recommendations for management's consideration. Adheres to the IT Risk program standards utilizing industry best practice frameworks such as COBIT, ITIL, SANS, NIST, Basel, GLBA, SOX, PCI-DSS, FFIEC, etc.
• Coordinates Enterprise Risk Management (ERM) functions to align the IT Risk Program elements with ERM processes, to support strategic business objectives and oversight of the Risk Controls Self-Assessment (RCSA) process for Information Technology.
• Facilitation of the regulatory exam and audit efforts within Information Technology, to include the collection of audit documentation, scheduling meetings, providing audit responses for audit reports and assisting management with responding to audit findings and recommendations.
• Monitor and track audit remediation efforts as well as ensuring follow-up reporting through the audit lifecycle.
• Coordinate validation efforts and control review, for Disaster Recovery and Business Continuity program.

Qualifications

• Bachelor's degree or equivalent experience, preferably in computer science or information systems.
• Extensive experience working in IT with 5+ years in a risk role that includes defining strategy, implementing new processes, project management and Information Technology audit practices.
• 3 to 5 years of experience in IT Controls testing.
• Experience with working in IT Risk domains to include Change Management, Asset Management (Hardware & Software), Enterprise operations Infrastructure Management, security operations, and secure software development.
• Experience working both independently and in a team-oriented, collaborative environment. Ability to conduct research into technology related risks and controls.
• Experience acting as a liaison to internal audit/external auditors, fulfilling audit requests and coordinating audit activities with IT stakeholders.
• Excellent written and verbal communication skills, with a proven track record of interacting effectively with business partners or clients.
• Working knowledge of Information technology and security risk management frameworks and compliance practices such as NIST, COBIT 5.1. ITIL framework.
• Ability to develop IT Risk Management standards and guidelines based on best practices and industry standards.
• IT Business Continuity planning experience preferred, especially IT Disaster Recovery planning.
• Technical or professional certifications in field of specialization highly recommended. CISA, CRISC, CISSP or CISM preferred.
• Specialized knowledge and experience in DevSecOps and Cloud Security.

From our first day in business, Wintrust has been proud to serve a variety of unique communities and people from all walks of life. To be Chicago's Bank® and Wisconsin's Bank®, we need to reflect that diversity both in all the communities we serve, the people we employ, the organizations we work with, and our banking and lending practices. Wintrust Financial Corporation, including community banking and financial services subsidiaries, is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, sexual orientation, gender identity and expressions, genetic information, marital status, age, disability, or status as a covered veteran or any other characteristic protected by law.