Job Description
Our client is seeking a Security Risk Management (SRM) Associate who has a strong passion for information security risk management and is interested in building a career within a dynamic team at a fast-growing and reputable bank. The SRM Associate will assist with various information security risk and control assessments but will mainly support the client's Information Security Policy Governance program, which ensures that the Bank's policy framework aligns with current cybersecurity regulations and industry best practices. They will also be given opportunities to participate in information security risk management projects and will play a key role in expanding information security risk management practices in the Bank and in the Bank's various subsidiaries.
Responsibilities:
- Independently complete information security risk assessment activities such as self-assessments requested by clients and regulators, as needed.
- Continuously enhance and streamline processes and technology in the information security risk management space.
- Interface with other risk departments of the bank to collaborate on BAU activities and projects.
- Understand information security controls and associated risks and can articulate the risks and controls to both technical and business stakeholders, building risk and control awareness and maturity of technology and business users at all levels.
- Prioritize and complete internal and external risks assessments as required, including coordinating with stakeholders on requests and responses as needed.
- Thoroughly understand the Bank's security risk management policies and procedures in order to enhance them over time, to educate new/existing stakeholders when policies and standards change, and to leverage policy requirements in performing security risk assessments.
- Assist with periodically reviewing and updating information security policy documents.
- Perform risk assessments on new and existing applications and take actions on the relevant risk treatments such as issue remediations or risk acceptances upon consultation with the senior security risk team members.
- Perform security risk assessments on new/existing vendors as needed, as well as monitor and investigate vendors' security downgrades.
- Assist stakeholders with understanding assessment control questions and identifying compensating controls when needed.
- Simplify and explain risks associated with control gaps by articulating technical controls, risks, impacts, and likelihood in business and layman's terms.
- Support risk management tooling such as assessment tools and the risk register.
Requirements:
- Candidates will ideally have prior experience working in an information security role, and/or in developing policies and engaging relevant stakeholders to update content.
- Have basic knowledge of information security controls, risks, and best practices in the banking industry.
- Have basic knowledge of commonly used banking applications, operating systems, and databases.
- Have basic knowledge of cloud-based applications and tools.
- Have basic knowledge of cybersecurity regulations (e.g., NYS DFS Cybersecurity, GDPR, FCA) and information security best practices and industry frameworks (e.g., ISO27001, FFIEC, NIST).
- Have strong verbal and written communication skills.
- Ability to demonstrate a self-motivated and disciplined approach to learning and working.
- Ability to work in a team environment and demonstrate leadership skills when needed.
- Possess a highly developed sense of personal accountability and follow-through with an ability to effectively prioritize multiple personal tasks, projects, and goals.