Sr. IT Governance Analyst

IT Governance Analyst



Hybrid position. Onsite work will be in Rosemead, CA.



The position is responsible for supporting key areas within the IT Governance organization. Key functions will focus on IT Risk Assessments, The position will also be involved with the key IT general controls to ensure compliance with FFIEC guidelines, responsible for tracking and reporting on open audit issues and working with the IT organization to ensure timely completion of the issues. Will be the interface to Internal Audit and Regulators. Ensure that all the IT areas are adhering to and in compliance with the IT Governance Operational Controls. Will be involved with the IT/IS risk assessment process focusing on controls validation and identification of control gaps. Monitors critical IT compliance activities and will work closely with information security team to ensure IT activities are in line with Information Security Program. Will also be responsible for managing and maintaining Security Baseline Configuration for critical systems.



ESSENTIAL FUNCTIONS

1. Work closely with the Internal Audit team to ensure opened audit issues are addressed and closed in a timely manner.
   
2. Work with the internal infrastructure team to ensure Baseline configuration and configuration management are being followed.
   
3. Involved in all aspects of IT general controls, to ensure compliance and address any control gaps.
   
4. Ensure IT Control Owners adhere to the control requirement and report any deficiency to management to ensure appropriate corrective action is taken.
   
5. Generate and understand performance reports such as meeting incidents SLAs, Helpdesk KPIs.
   
6. Will manage the change management and disaster recovery process.
   
7. Will be involved in vendor SSAE16 controls review.
   

• Collage degree preferred but not required.
  

• Must have a solid banking background in the governance area and FFIEC guidelines
  
• 2 to 5 years working knowledge of IT Governance roles and responsibilities Baseline Configuration and Configuration Management of information systems.
  
• Solid working knowledge of NIST and or COBIT control frameworks.
  
• Solid understanding of Change Management and Disaster Recovery processes.
  
• Experience with ServiceNow, ITSM, SCCM reporting, Rapid7, or similar solutions
  
• Good understanding of backup processes, disaster recovery and business continuity requirements.
  
• Solid understanding of IT Risk Assessment.
  
• Strong understanding of IT/IS Security Control frameworks (NIST, COBIT) and has worked with both internal auditors, as well as regulatory agencies.
  
• Solid understanding of system patching and security vulnerability management.
  

• Technical knowledge of network and server infrastructure, PC and platform operating systems Windows servers and PCs. Office365.
  
• Knowledge of regulatory practices and procedures enforcement relating to data privacy and protection.
  
• Logical thinker with excellent communications and problem-solving skills.
  
• Strong interpersonal communication and collaboration skills. Self-starter, highly motivated, and able to work with general supervision.