Cyber Risk Analyst

Cyber Risk Analyst

Hybrid/Manhattan, NY

Pay Range: $90,000 - $110,000

The Cyber Risk Analyst, Assistant Treasurer assists in the execution of Apple Bank's information security strategy to protect information assets, manage information security risks, and to comply with regulatory, as well as legal requirements, and by doing so, provides assurance to our key stakeholders. The successful candidate will help develop, enforce, and maintain policies, procedures, and mechanisms to protect the confidentiality, integrity, and the availability of information technology throughout the Bank and its third-party service providers. The Analyst collects and maintains evidence and validates the completeness and accuracy of defined information security key risk indicators (KRI) and coordinates/maintains various security risk assessments and provides oversight on security due diligence for third-party service providers. Additionally, this position will be responsible for administering the Bank's Information Security Training and Awareness Program, as directed by department management.

ESSENTIAL DUTIES AND RESPONSIBILITIES

• Drive enhancements of the GRC (Governance Risk & Compliance) tool which includes the mapping of applicable policies to controls, building dashboards, and generating reports.
• Maintain, track, and validate minimum-security requirements for new products and technologies and make security control recommendations.
• Track plans for remediation of risk assessment findings, issues, as well as exceptions to policies.
• Collect, effectively challenge, and maintain evidence and validate the completeness and accuracy of the defined information security key risk indicators (KRI) material.
• Review third-party service providers ("TPSP") information security control survey responses, and supporting documentation (i.e., CAIQ (Consensus Assessments Initiative Questionnaire), SOC (Service Organization Control) 2, VSA (Vendor Security Alliance).
• Assess TPSP cloud technologies such as Software as a Service (SaaS) hosted applications, Platform as a Service (PaaS), and Infrastructure as a Service deployments (IaaS).
• Produce detailed issue documentation of risk assessment results and perform threat analyses of gaps identified; communicate cyber risks associated with business stakeholders.
• Manage Information Security Training & Awareness Program, including the rollout of curriculum, phishing simulations, newsletters; conduct in person and web conferencing training sessions.
• Provide periodic updates, reports, and recommendations to department management, regarding the best practices of information security and information technology controls, risk assessment, as well as risk remediation strategies.
• Provide governance for Information Security Sub-Committee, schedule committee meetings, and solicit feedback from committee Chair and Vice Chair; capture detailed meeting minutes.
• Perform other duties as requested.

SKILLS, EDUCATION AND EXPERIENCE

• Bachelor's degree in Computer Science, Information Systems Management, or other related field is preferred; demonstrated equivalent skills and experience will be taken into consideration.
• Cybersecurity certifications are desirable.
• 3 years of Information Security and Information Risk Management experience required.
• Experience in financial services and/or banking industry preferred.
• Must have experience utilizing Microsoft SharePoint Online and Microsoft Office 365 Suite, as well as a GRC solution.
• Excellent communication (verbal written) skills; demonstrated ability to communicate clearly and concisely to various levels, up to and including executive level management and non-technical staff.
• Ability to multi-task.
• Strong relationship building skills with the ability to collaboratively bring together requirements from various stakeholders across the organization as part of the information security strategy, planning, and management activities.

Apple Bank offers Medical/Dental, Vision, 401k and Tuition Reimbursement to full-time employees.

We are an equal opportunity employer and do not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, military and/or veteran status, or any other Federal or State legally-protected classes.

#Li-Hybrid