Arkansas Employer

IT Governance Risk and Compliance Analyst II

Arkansas Employer, Conway, Arkansas, US, 72035


This job was posted by https://www.arjoblink.arkansas.gov. For more information, please see: https://www.arjoblink.arkansas.gov/jobs/4349633

The IT Governance Risk and Compliance Analyst II supports the IT Strategy & Control Program's mission of strengthening and optimizing the Centennial Bank IT Department's control and security posture. This is accomplished through the development and implementation of various Governance, Risk, and Compliance management activities.

This is a remote position.

ESSENTIAL DUTIES AND RESPONSIBILITIES

1. Perform First Line of Defense testing to evaluate the design and overall effectiveness of IT controls.

2. Conduct periodic IT and Information Security risk assessments to help IT management assess known risks and identify new risks.

3. Consult with project teams to ensure adequate controls are in scope for projects.

4. Provide guidance and assist with policy, procedure, and standard development and updates across the IT organization.

5. Stay current on changes to regulatory guidance, FFIEC work programs, and other related compliance programs.

6. Act as a liaison and coordinate with auditors (internal and external) to answer process questions and to provide evidence related to audit engagements.

7. Monitor control remediation initiatives.

8. Provide recommendations and assist with strategic planning activities and plan updates.

9. Support the shaping, development, and continuous improvement of control frameworks across IT.

10. Analyze control environment and recommend/implement continuous monitoring to help streamline monitoring activities.

11. Maintain and provide assistance with ownership of the IT control library.

12. Complete required BSA/AML training and other compliance training as assigned.

13. The ability to work in a constant state of alertness and in a safe manner.

14. Perform any other related duties as required or assigned.

QUALIFICATIONS

To perform this job successfully, an individual must be able to perform each essential duty mentioned satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.

EDUCATION AND EXPERIENCE

Broad knowledge of such fields as accounting, marketing, business administration, finance, etc. Equivalent to a four-year college degree, plus 4 years related experience and/or training, and 4 years related management experience, or equivalent combination of education and experience.

REQUIRED CERTIFICATES, LICENSES, REGISTRATIONS

At least one of the certifications from the Preferred Certificates, Licenses, and Registrations is required. Other relevant certifications may be considered for this requirement but must be approved by the department head.

PREFERRED CERTIFICATES, LICENSES, REGISTRATIONS

-Certified Information Systems Security Professional (CISSP)

-Certified Information Systems Auditor (CISA)

-Certified Information Security Management (CISM)

-Certified in Risk and Information Systems Control (CRISC)

-Certified Internal Auditor (CIA)

-Certified in Risk Management and Assurance (CRMA)

-Certified in Governance of Enterprise IT (CGEIT)

-GIAC Security Essentials (GSEC)

-Project Management Professional (PMP)

-Lean Six Sigma (yellow, green, black belt).

SOFTWARE SKILLS REQUIRED

Intermediate: Database, Presentation/PowerPoint, Spreadsheet, Word Processing/Typing

ADDITIONAL INFORMATION

-Master's degree in a related field is a plus.

-Experience with Sarbanes Oxley audits, SOC 1 and SOC 2 audits, and other regulatory examinations is a plus.

-Excellent interpersonal and communication skills to work with all levels of management, employees, peers, and vendors.

-Excellent analytical and problem-solving skills to solve/manage complex technical problems.

-Ability to prioritize tasks and time, and exercise good judgment and common sense in all activities.

-Working knowledge of the following control frameworks is preferred: COBIT, NIST CSF, ISO/IEC 27002, CIS Controls, PCI DSS