Job Description

Ref No.: 17-01039
Location: Charlotte, North Carolina
Risk Analyst
Location: Charlotte, NC
contract - perm

Position Description

Serves as a risk analyst dedicated to the Data Security program in the Information Protection and Risk Management group, also working closely with the Third Party Risk Management and Integration Services teams to identify, document and recommend protection controls for structured and unstructured data internally and externally. Conducts risk assessments and provides data protection recommendations on requests to transmit data outside the firm and on analysis of suppliers who provide high-risk services to the company and its subsidiaries, focusing on information security.

Job Responsibilities
  • Evaluate third party supplier risk information security controls and ensure they are aligned with internal standards
  • Review and understand the inherent risk characteristics for sourcing deals
  • Respond to requests to transmit data outside the firm and validate data protection controls are applied
  • Apply corporate methodologies relating to information security as well as the Operational Risk Management Methodology and approaches
  • Develop data protection control recommendations for use by Global Supply Chain, Information Protection and Risk Management, line of business personnel, and various risk councils within our financial client
  • Participate in developing quantitative risk models to assist with communicating and evaluating risk
  • Enter and track findings in enterprise systems (e.g., Ariba, OpenPages)
  • Participate in the development and improvement of assessment methodology and tools
  • Maintain subject matter expertise in information security as well as supplier management
  • Provide advice to Sourcing Consultants, Legal, etc. on risk areas during contract negotiations
  • Assess supplier controls with regard to the specific services they are providing to the company
  • Examples of analysis include:
      • Review data protection controls for data at rest, in-motion and in-use
      • Review supplier policies, standards & procedures
      • Review supplier responses to supplier risk questionnaire and review all pertinent artifacts
      • Review independent assessments conducted by risk and compliance organizations
      • Assess supplier information technology general controls or review assessments thereof
      • Discuss risk and controls with suppliers and our financial client risk managers to clarify as needed
      • Conduct on-site supplier inspections of supplier controls
      • Participate in quantitative analysis to evaluate risk

Qualifications
  • Experience in the banking industry; preferably at a large bank holding company (BHC)
  • Understanding of federal banking guidelines/requirements
  • Knowledge of:
      • Information systems' security risks and controls
      • Federal Financial Institutions Examination Council (FFIEC) guidance and work plans
      • Recognized information security-related standards such as ISO2700x, COBIT, PCI-DSS
      • Compliance aspects of GLBA, EU Data Protection Directive, Sarbanes-Oxley, and other relevant laws and regulations
  • Industry certification preferred (e.g., CISSP, CISM)
  • BS/BA or equivalent experience required
  • Ability to interact with a variety of internal and external people in a professional manner that creates confidence in his/her knowledge and abilities and helps foster mutually satisfactory resolution to risk gaps and issues
