ITRC Snr Analyst

• Define analysis objectives, collect data from internal and external sources, and evaluate/analyze data to provide objective information on cyber risks for IT and business management with both summary and detailed reporting
• Assess risk within subject specialty area to evaluate the design and effectiveness of security controls
• Provide insight and guidance to IT software and hardware upgrades and other projects to ensure production environments meet and exceed minimum security standards and will effectively counter cyber threats
• Partner with external partners, vendors, law enforcement, and intelligence community as applicable to fulfill reporting and information sharing requirements, and collecting information required for comprehensive risk analysis and assessment
• Create new and maintain process and procedural documentation for various risk analysis and risk assessment activities; Highlight industry-based methodologies, techniques or standards (FAIR, NIST, FFIEC, etc.) used as the basis for analysis efforts
• Publish routine, accurate risk analysis and assessment reports as defined by organizational risk policies and procedures to applicable audiences for each subject area discipline
• Participate in other security support projects and duties as needed or requested

Must-Have*

• Bachelor's Degree business, computer science, or related field
• Minimum of 12 years’ experience in Information/Cyber Security field
• Minimum of 6 years' experience in cyber security operations, incident response, IT risk management or investigations

Skills and Knowledge

• Demonstrated experience analyzing complex cyber security data sets within subject area specialty
• Demonstrated knowledge of cyber security landscape -- threats, trends, technologies
• Demonstrated knowledge of financial regulation and control frameworks applicable to cyber security or IT risk
• Excellent communication and interpersonal skills. Including a strong ability to create positive and professional business relationships with internal clients.
• Strong commitment to working as a team and providing excellent customer service.
• Exposure to banking or equivalent highly controlled technology environment is preferred
• Masters' degree in business, computer science or related field preferred
• Security certifications (CISSP, GSEC, etc.) are highly desired.
• Demonstrated experience with Industry or subject specific analysis or assessment frameworks is highly desired (FAIR, NIST CSF, etc.)
• Experience in banking/financial industry is strongly preferred
• Formalized training in cyber security analysis or assessment techniques