The Information Security Analyst plays a key role in the Information Security program with responsibility for Identity & Access Management (IAM) initiatives related to the periodic user access certifications control. The Analyst will perform prioritization and timely execution of the periodic user access certification lifecycle across the organization.
This Information Security Analyst will analyze and report access related risk reduction resulted from the periodic user access certifications to executive level business, IT and information security leadership. The Analyst's work product will be shared with internal and external CNB's regulators. The Analyst will be responsible for ensuring compliance with Sarbanes-Oxley (SOX) Act and other regulatory requirements. The Analyst will manage and coordinate the periodic user access certification process, create presentations, briefings, and communications for a variety of internal and external stakeholders.
This position entails analysis and access risk reduction within the IAM area of Information Security, and compliance with SOX and other regulatory requirements. This also includes defining and maintaining processes and procedures related to periodic user access certifications and reporting to security and IT leadership.
* Manage the periodic user access certification review lifecycle in alignment with IT Risk management and regulatory requirements
* Work cooperatively across multiple teams in a challenging, dynamic and global environment
* Work with multiple stakeholders to establish end-to-end periodic user access certification lifecycle
* Coordinate the periodic user access certification review activities (e.g. meeting with system admins, ensuring completes and accuracy of data, tracking and following up on outstanding user access certification reviews, etc.)
* Contribute to continuous improvement of procedures and technology related to the design and effectiveness of existing user access certification review controls
* Create new and maintain existing process and procedural documentation for various risk analysis and risk assessment activities
* Publish routine, accurate analysis and assessment reports related to the periodic user access certification area discipline
* Plan and facilitate meetings, making formal presentations to various audiences that establish the procedures regarding the implementation of project outcome
* Participate in other security support projects and duties as needed or requested
* *Bachelor's degree in business, computer science or related field
* *Minimum of 7 years' experience in Information/Cyber Security field
* *Minimum of 10 year experience in cyber security operations, incident response, IT risk management or investigations
Job Skills and Knowledge
* Bachelor's or Master's degree in Business, Computer Science, Project Management, or related field with a record of academic excellence is a must
* Ability to write effective business communications (e.g. emails, slide content) with impeccable grammar and spelling is a must
* Mastery of slide creation, proficiency in spreadsheets is a must
* Ability to apply logical thinking to break down complex problems, identify patterns, and defend audit findings is a must
* Extremely high degree of organizational skills and attention to detail is a must
* Comfortable in fast-pace and deadline-drive work environments is a must
* Self-motivated team player with ability to provide an outstanding customer service is a must
* Demonstrated knowledge of financial regulation and control frameworks applicable to IAM risk within Information Security
* Demonstrated experience in developing high visibility presentations for various stakeholders across the organization
* Experience with internal control frameworks such as COBIT and CMMI model preferred
* Security certifications (CISA, CISM or CISSP) preferred
* Exposure to banking or equivalent highly controlled technology environment preferred
*Represents basic qualifications for the position. To be considered for this position you must at least meet the basic qualifications.
Equal Opportunity/Affirmative Action Employer, Minorities/Females/Individuals with Disabilities/Veterans
Note: This preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
Note: Candidates should be advised that City National Bank does not pay interviewee travel expenses or relocation expenses for candidates who are hired unless previously agreed.
Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled