Hybrid - Senior Technology and Security Risk Analyst - Perm Role

$120,000 - $150,000

Full Time

  • Work from home



Job Description

This is a permanent role.

Essential Duties

  • Execute day-to-day activities required to support the development of the Technology Risk Oversight (“TRO”) program, blending organizational, technical, business, and cyber security skill-sets.
  • Participate in projects and initiatives to bring a proactive technology risk management focus by utilizing industry best practices.
  • Develop a technology risk methodology for risk ranking the Bank’s assets according to business impact (i.e., hardware, software, associated data and supporting capabilities).
  • Maintain an up-to-date understanding of internal and external emerging risks; identify potential threats and vulnerabilities to the Bank’s assets to assist in the evaluation of technology risk.
  • Provide advice on how to meet technology focused regulatory obligations and assess the impact of proposed regulations through the evaluation of regulatory developments as well as implementation of required controls.
  • Collaborate with IT to perform Maturity Assessments for the Bank’s technology risk drivers (e.g., Information Security, IT Strategy, Project Management, etc.) and identify improvement opportunities.
  • Maintain an up-to-date understanding of new technology trends; help assess if and how these apply and provide value to the Bank while keeping aligned to the Bank’s risk tolerance.
  • Work with technology and business teams to develop and document IT risk scenarios, related risk analysis, along with risk responses to manage technology risk within their areas.
  • Investigate and evaluate technology related operational incidents. This includes assessing the breakdowns and identifying opportunities for internal control improvement.
  • Build and analyze the IT Risk Register, Controls Inventory, and Response Register.
  • Work on special and/or ad-hoc projects as assigned via the Technology Risk Working Group of the Operational Risk Committee (e.g., governance standards on asset management, etc.).
  • Assist in the preparation of technology risk related deliverables.



  • Bachelor’s degree in Information Systems, Computer Science or a related field preferred; postgraduate degree a plus, or equivalent work experience.
  • Related security, technical, and/or risk professional certifications desired (e.g., CRISC, CISA, CISM, CGEIT, CSX-P, CCSK v4, CISSP, SANS, AWS, etc.).



  • Must have solid understanding of IT risk management concepts and practices;
  • Must have solid understanding of common risk and information security management frameworks and/or programs such as COBIT 2019, NIST, FIPS 199, CIS, ISO/IEC 27001, FedRAMP, FFIEC;
  • Proficient understanding of cyber security and technology operations (e.g., client/server, LAN, UNIX, Windows, DB2, Oracle, SQL, VMware, firewalls, cloud computing);



  • Minimum 6+ years’ experience, which may include a combination of IT security, infrastructure, cloud, architecture, data, IT risk/compliance, or IT governance.
  • Past participation in either initial certification and/or renewal of ISO/IEC 27001, SOC 2/SSAE 18, etc.
  • Operating, securing, or assessing one of the following areas: network security, identity and access management, vulnerability management, cloud security, penetration testing, or encryption management.
  • Working with results generated from vulnerability assessments, penetration tests, threat modeling, and secure code reviews.
  • Various IT-focused security risk assessments or technical assessments (e.g., related to cloud, network, systems, infrastructure, mobile, and web projects/initiatives).
  • Analyzing complex technical systems and the business processes they support; synthesizing the corresponding risks and controls and recommending security solutions and remediation.
  • Analyzing data from various sources to identify trends, emerging risks and key insights.
  • Defining, developing, implementing, and monitoring KRIs and KPIs.
  • Performing IT audits and/or IT SOX reviews.
  • Coordinating with risk or audit on IT-focused audits or risk assurance projects.
  • Financial services and banking industry experience a plus.