Bank of the West Sr Cybersecurity Analyst - Third Party Assessment in Omaha, Nebraska
Sr Cybersecurity Analyst - Third Party Assessment
At Bank of the West, our people are having a positive impact on the world. We’re investing where we feel we can make the most impact, like advancing diversity and women entrepreneurship programs, financing for more small businesses, and promoting programs for sustainable energy. From our locations across the U.S., Bank of the West is taking action to help protect the planet, improve people’s lives, and strengthen communities. We are part of BNP Paribas, a global leader supporting the UN Sustainable Development Goals (SDGs). Yes, we’re a bank, but as the bank for a changing world, we are continually seeking to improve the ways we help our customers, while contributing to more sustainable and equitable growth.
Job Description Summary
The ideal candidate will be responsible for managing a team that controls workflow activities and meets deadlines; maintaining, organizing, and gathering information; and mentoring, coaching, and managing junior Risk Management team members assigned to projects. This individual collaborates with management and business partners to identify key messages and objectives of the report.
Essential Job Functions
Identify and document risk to Information Security, Physical Security, Business Resiliency and overall effectiveness of Operational Controls within the Bank through completion of Third Party Service Providers security assessments.
Lead on-site security assessments at selected third party locations.
Review external audit reports, vulnerability and penetration test results, Business Resiliency Plans, etc.
Interview IT personnel and key staff responsible for configuration management, compliance, Incident Response, access control, and other critical functions of Information Security, Physical Security and Business Resiliency.
Formally document assessment for visibility within the organization and tracking purposes.
Responsible for coordinating, developing, managing, and maintaining Corporate Security reports and supporting documents presented to Senior Management and Board-level Committees.
Work very closely with Third Party Program Office and Contract Administration to provide Corporate Security Risk Assessment support for security vendor assessments.
Perform security assessments of vendors according to risk.
Coordinate with Security Engineering/Architecture to determine mitigating controls or other recommendations on an as-needed basis.
Identify, then assist the Bank’s Third Party Program Office, as required, to track remediation of vulnerabilities or other security risks.
Plans and maintains the schedule and workflow for multiple reports and administrative tasks, while overseeing all submission timelines. Works directly with subject matter experts to produce, contribute, review, or approve the results.
Manages projects and teams to support requested initiatives or other projects.
Serves as liaison and leads communication between business units, department leaders, executive leaders, and committees to ensure proper approvals and submission of reports and supporting documents.
Improve security processes through the identification and assessment of emerging third party management risks, corporate and regulatory standards, and comparison of Corporate Security’s vendor risk assessment program capabilities to industry standards.
Demonstrates expertise in identifying IT risks, Physical Security risks, and Business Resiliency risks and implementing risk mitigating procedures using standard risk management guidelines including HIPAA, HITECH, PCI, COSO, COBIT, NIST, ITIL and various other control frameworks.
Strong Program/Project Management skills with proven ability to facilitate communications, motivate team members, and manage stakeholder expectations.
Strong ability to partner with various business and technology groups to identify, develop and execute project requirements.
Research industry trends and best practices as noted through organizations such as PCI-DSS, NIST and ISO.
Domestic and International travel is required and a valid passport is needed. Ability to travel on short notice if required.
High School Diploma or GED Required
Technology risk or security certification such as CISSP, CISM, CISA, CRISC or equivalent certification is required.
7 years of experience in Risk Management, Information Security, IT Audit, Physical Security, or Business Resiliency (aka BCP/DR), especially working within a professional organization, preferably as Tier 2 system support or other IT area with exposure to system configuration and application hardening. Applicants should have a diverse knowledge of supporting enterprise applications and systems such as Windows environments and Active Directory.
Expert ability to exercise sound judgment regarding assessment findings and make effective recommendations to management.
Ability to work effectively on multiple projects within a team structure.
Ability to meet time sensitive deadlines.
Ability to work and achieve goals without constant supervision.
Excellent management and control of workflow to produce deliverables within required timeframes and quality standards.
Excellent knowledge of Microsoft Office tools.
Excellent verbal and written communication skills. Superb interpersonal and partnering skills to facilitate effective working relationships.
Excellent understanding of financial industry, risk management, and/or corporate security.
Ability to problem solve and make swift, sound judgements.
Ability to adjust to rapidly changing security environment and prioritize deliverables.
Ability to condense information and transform technical data into easily understandable concepts.
Experience mentoring team members and educating others on security assessment practices.
Excellent knowledge in various information security areas, such as: Identity and Access Management, Threat and Vulnerability Management, Information Risk and Governance, IT Architecture, Monitoring, Incident Response and Security Strategy, or Physical Security or Business Resiliency.
Solid knowledge of security controls for the handling of Personally Identifiable Information (PII) data
Experience with the following assessment frameworks/standards:
COBIT/SOX IT Control Testing
Solid knowledge of regulations and security compliance requirements affecting financial institutions (FFIEC)
Training in Risk Management or IT Audit Methodology strongly desired
Equal Employment Opportunity Policy
Bank of the West is an Equal Opportunity employer and proud to provide equal employment opportunity to all job seekers without regard to any status protected by applicable law. Bank of the West is also an Affirmative Action employer - Minority / Female / Disabled / Veteran.
Bank of the West will consider for employment qualified applicants with criminal histories pursuant to the San Francisco Fair Chance Ordinance subject to the requirements of all state and federal laws and regulations.
Location: United States-Nebraska-Omaha
Requisition ID: 056393