IT Risk AnalystBookmark This
Talmer Bank and Trust
Talmer Bank and Trust is a growing community-oriented financial institution that provides highly personalized financial services to individuals, professionals and their businesses with offices throughout the Midwest . Like other banking institutions, we offer a full array of products and services. We believe that the high level of service and personal attention provided by our employees is what sets us apart from other financial institutions.
At Talmer Bank and Trust, we take pride in developing and maintaining personalized relationships with our customers. Being a community bank is not just what we are, but who we are. Our team includes the industry’s best professionals that are committed to our mission of Community, Integrity and Service.
We welcome individuals with the talent and desire to serve our community. If this sounds like you, we'd love to have you become a member of our family! We are currently looking for a customer service minded individual to join our team as an Information Technology Risk Analyst.Responsibilities:
The IT Risk Analyst will focus on risk assessment management to protect the information assets of the bank and support the information technology governance policies and processes, compliance, information security, change control and business continuity plans, utilizing knowledge of industry best practices, policies and good judgment in assessing controls, identifying weakness and tracking through remediation, in support of Talmer, regulatory and compliance information security requirements. The IT Risk Analyst will actively work with business partners to ensure a solid IT governance framework.
- Ensure strategic objectives of the IT risk management program are met including the execution of risk assessment activities, coordination of risk response and program testing and validation.
- Review, update previously created risk assessments of Talmer processes, systems and programs recommending enhancements where identified.
- Perform annual risk assessments related to GLBA, VOIP, and Virtualization, as well as others identified, identifying potential issues, control gaps, and potential process efficiencies.
- Track weaknesses/findings identified through the risk assessment process to completion to identify adherence with the agreed upon remediation schedules.
- Assist in the facilitation of audits conducted by third party and internal auditors.
- Documents risk analysis and controls and evaluates control design and continuous control improvement
- Work with Human Resources to enhance the BAI online Information Security training, as well assist the IT Risk Manager in expanding ongoing security awareness training.
- Where required, assist the Information Security Analyst in perform routine security monitoring tasks.
- Work with the various Security team members, IT infrastructure, network and/or operations teams, to ensure an understanding of the implemented technologies, as well as business area reliance.
- Assist the Information Security Risk Analyst in evaluating the results of identified risk assessments, advise management of potential security issues, and propose remediation solutions.
- Partner/Interfaces with user and IT community to understand business needs, as well as mitigating controls in place to address the risks identified as part of each risk assessment.
- Provide assistance in identifying risk(s) and associated controls required for ongoing processes, as well as proposed projects.
- Assist in the investigation of security breaches or potential breaches where required.
- Produce metrics reports on risk management initiatives.
- Work with IT Risk Manager to provide compliance and/or audit management evidence as required.
- Evaluate newly proposed security policies, partnering with IT and other business areas to identify the associated risks to comply and provide recommendations to management.
- Identify opportunities to improve workflow and understand and quantify business impacts of those improvements for communication to management.
- Advise management on industry developments in business practice, technology, security issues and legislation that impact the company’s security policy.
- Perform other IT Risk Management activities as assigned.
- Bachelor’s Degree in Business, IT or related field or equivalent work experience; CISSP a plus.
- Minimum of 3 – 5 years of IT experience, preferably with 2-3 years in information security/IT assurance and/or IT compliance/audit.
- Previous banking experienced preferred.
- Ability to manage deadlines. Either achieve all deadlines or set appropriate expectations in advance.
- Possess knowledge and understanding of a breadth of information technologies and information security topics.
- Demonstrated ability in the development of solutions and/or mitigations related to security vulnerabilities.
- Experience in Fiserv solutions, business continuity software and banking applications preferred. Active Directory, Database, SQL knowledge is a plus.
- Strong written and verbal communication with solid presentation skills and are a must.
- Excellent analytical ability, and planning/organization skills. Self-motivated to carry out assignments with minimal supervision and collaborate well with others.
- level of credibility with everyone with whom this person comes into contact.
General Working Conditions:
While performing the duties of this job, the employee is required to communicate effectively with others, sit, stand, walk, and use hands to handle keyboard, telephone, paper, files, and other equipment and objects. The employee is occasionally required to reach with hands and arms. This position requires the ability to review detailed documents and read computer screens. The employee will occasionally lift and/or move up to 10 pounds. The work environment requires appropriate interaction with others. Occasional travel to different locations may be required.
This classification description is intended to indicate the general kinds of tasks and levels of work difficulty that are required of positions given this title and should not be construed as declaring what the specific duties and responsibilities of any particular position shall be. It is not intended to limit or in any way modify the right of any supervisor to assign, direct and control the work of the employees under her/his supervision. The use of a particular expression or illustration describing duties shall not exclude other duties not mentioned that are of a similar kind or level of difficulty.
Equal Opportunity Employer