Senior Technology & Security Risk Analyst - Jobs in New Jersey

Job Description

Assist in the ongoing development and implementation of the Technology Risk Oversight Program as part of FHLBNY #39;s overall Operational Riskamp; Compliance program.Essential Duties

• Execute day-to-day activities required to support the development of the Technology Risk Oversight ( quot;TRO quot;) program. Ability to blend and utilize their organizational, technical, business, and cyber security skill-sets.
• Participate in projects and initiatives to bring a pro-active technology risk management focus by utilizing industry best practices.
• Develop a technology risk methodology for risk ranking the Bank #39;s assets according to business impact (i.e., hardware, software, associated data and supporting capabilities).
• Maintain an up-to-date understanding of internal and external emerging risks; identify potential threats and vulnerabilities to the Bank #39;s assets to assist in the evaluation of technology risk.
• Provide advice on how to meet technology focused regulatory obligations and assess the impact of proposed regulations through the evaluation of regulatory developments as well as implementation of required controls.
• Collaborate with IT to perform Maturity Assessments for the Bank #39;s technology risk drivers (e.g., Information Security, IT Strategy, Project Management, etc.) and identify improvement opportunities.
• Maintain an up-to-date understanding of new technology trends; help assess if and how these apply and provide value to the Bank while keeping align to the Bank #39;s risk tolerance.
• Work with technology and business teams to develop and document IT risk scenarios, related risk analysis, along with risk responses to manage technology risk within their areas.
• Investigate and evaluate technology related operational incidents. This includes assessing the breakdowns and identifying opportunities for internal control improvement.
• Build and analyze the IT Risk Register, Controls Inventory, and Response Register.
• Work on special and or ad-hoc projects as assigned via the Technology Risk Working Group of the Operational Risk Committee (e.g., Governance standards on Asset Management, etc.).
• Assist in the preparation of technology risk related deliverables.

Education

• Bachelor #39;s Degree in Information Systems, Computer Science or related field preferred. Post graduate degree a plus or equivalent work experience.
• Related security, technical, and/or risk professional certifications desired (e.g., CRISC, CISA, CISM, CGEIT, CSX-P, CCSK v4, CISSP, SANS, AWS, etc.).

Skills

• Must have solid understanding of IT risk management concepts and practices;
• Must have solid understanding of common risk and information security management frameworks and/or programs such as COBIT 2019, NIST, FIPS 199, CIS, ISO/IEC 27001, FedRAMP, FFIEC;
• Proficient understanding of cyber security, technology operations (i.e., client server, LAN, UNIX, Windows, DB2, Oracle, SQL, VMWare, firewalls, cloud computing);
• Expert industry and technical awareness to identify technology opportunities and align these to the business needs;
• Ability to multi-task, manage work-flows, and timelines for deliverables;
• Ability to work with limited supervision and make independent decisions;
• Ability to create partnerships at all levels of the Bank;
• Highly disciplined, Self-starter, creative and innovative;
• Dependable, detail-oriented and accurate;
• Strong analytical, critical thinking and problem solving skills;
• Solid understanding of project management;
• Ability to adapt to change quickly;
• Strong organizational skills; and
• Superior interpersonal, verbal and written communication skills.

Experience

• Minimum 6+ years #39; experience which may include a combination of IT security, infrastructure, cloud, architecture, data, IT risk/compliance, or IT governance.
• Past participation in either initial certification and/or renewal of ISO/IEC 27001, SOC 2/SSAE18, etc.
• Operating/securing/assessing one of the following areas such as network security, identity access management, vulnerability management, cloud security, penetration testing, or encryption management.
• Working with results generated from vulnerability assessments, penetration tests, threat modeling, and secure code reviews.
• Various IT focused security risk assessments or technical assessments (e.g. related to cloud, network, systems, infrastructure, mobile, and web projects/initiatives).
• Analyzing complex technical systems and the business processes they support; synthesizing the corresponding risks and controls and recommending security solutions and remediation.
• Analyzing data from various sources to identify trends, emerging risks and key insights.
• Defining, developing, implementing, and monitoring KRIs and KPIs.
• Performing IT audits and/or IT SOX reviews.
• Coordinating with risk or audit on IT focused audits or risk assurance projects.
• Financial services and banking industry a plus.

Salary: $121,000 to $140,000Skills: