Logo
Western Alliance Bank

Senior ERM IT/IS Analyst

Western Alliance Bank, Orient, Ohio, United States, 43146


Job Title: Senior ERM IT/IS Analyst Location: CityScape What you'll do: Western Alliance Bank Corporation is currently seeking a highly qualified and experienced Second Line of Defense Technology (IT) and Information Security (IS) Senior Analyst to join our IT/IS and TPRM risk management team in the second line of defense. The successful candidate will take on supporting IT/IS risk management functions. Duties would include reviewing first line controls for completeness, assisting with targeted risk assessments, issue management, and risk reporting in technology and cybersecurity. This person would help develop reporting and trends for IT & IS. This position offers an exciting opportunity to contribute to the bank's risk management framework and play a key role in safeguarding our institution against technology, information security and third-party risks. What we are looking for: Responsibilities: Monitor external industry trends and regulatory changes that may impact areas of risk oversight (Technology and Information Security). Assist in the management of Penetration Testing and Physical Security testing with external vendors. Create framework and communications for internal stakeholders, manage vendor deliverables for testing activities, finalize reporting and manage issues that are identified through the testing process. Reporting of internal metrics for IT/IS. Perform Targeted Assessments of first line functions. Including, research frameworks, regulatory guidance, and trends in technology and information security to provide support for targeted assessments. Review and challenge of first line Information Security and Technology functions, including the Cyber Risk Institute's Cyber Profile, first line policy and standards, Key Risk Indicators, and regulatory responses. Support the risk and control inventory review for first line technology and information security functions. Supporting issues from identification, through review and validation for closure. Develop, document and support department standards and processes. As needed this role would engage with appropriate first, second, and third-line stakeholders to ensure effective communication and coordination between the three lines of defense. Qualifications: Bachelor's degree and 10 years of experience with Finance, Risk Management, Cybersecurity, Computer Science, or a related field. Master's degree is preferred. Minimum of 5 years' experience with Information Security and/or Information Technology first line or second line functions. In depth knowledge of information security and technology principles in a highly regulated environment. Background in creating and presenting to different levels and audiences across an organization. Understanding of risk management practices, including understanding of risk definitions, development of controls and issue management. Strong ability to analyze processes and data for trending and recommend enhancements. Effective communication skills with a demonstrated ability to engage, influence, and drive collaboration across stakeholders. High degree of organization, individual initiative, and personal accountability in a fast-paced environment. Inclusive of ability to make decisions in an ambiguous environment. Knowledge of regulatory guidance for Third-Party, Technology and/or Cybersecurity functions. Knowledge of external frameworks for technology and/or cybersecurity (NIST, ITIL, COBIT, Shared Assessments, etc.). Understanding of risk management principles in a highly regulated organization, including risk identification, risk treatment and risk measurement. High level of speaking and writing skills. Proficiency in risk management tools and systems, as well as advanced proficiency in Microsoft Office Suite, particularly, Word, Excel, and PowerPoint. Professional certification in Project Management, Technology