TransPecos Banks

GRC Security Analyst

TransPecos Banks, San Antonio, Texas, United States, 78208


Job Description

Job Title : GRC Security Analyst

This position is available for remote work option.

Summary : The GRC (Governance, Risk, & Compliance) Security Analyst assists in identifying, managing, and mitigating IT and cybersecurity risks, while enhancing the bank's governance and compliance framework relating to information security, disaster recovery, cloud and business resiliency. The GRC Security Analyst will play a key role in ensuring the bank complies with regulatory requirements, internal policies, and information security industry standards.

Wage Type : Salaried

Essential Duties & Responsibilities: To perform this job successfully, an individual must be able to perform each of the essential duties satisfactorily. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Assist in developing, implementing, and maintaining the bank's IT compliance, information security, and privacy frameworks and adherence to regulatory requirements.
Monitor changes in regulatory requirements and assess their impact on the bank's operations.
Identify, classify, assess, and document assets, technologies, and related security risks and controls.
Perform ongoing security monitoring using data loss prevention tools, log reviews, cloud environment monitoring, and role-based access control monitoring.
Support the development of risk mitigation strategies and action plans.
Conduct regular IT risk, privacy, and business continuity risk assessments and maintain a centralized risk register, including periodic testing of internal controls in accordance with Enterprise Risk Management requirements.
Perform annual and ad hoc business impact analyses (BIA) and disaster recovery tabletop exercises under the direction of the CISO.
Conduct IT and BCM compliance gap analyses to identify areas for improvement, and assist in drafting, reviewing, and updating compliance policies and procedures.
Manage and monitor security awareness, education, and training for employees.
Investigate and document security-related incidents and breaches.
Develop and update policies and procedures to support WAF, BCM, information security, and IT risk management goals, in alignment with the risk appetite of the enterprise.
Complete ongoing reviews of third-party due diligence for vendors, FinTech partners, and other third parties for compliance with Part 364, Appendix B requirements, business resiliency standards, cloud WAF standards, and model risk standards.
Support root cause analysis and recommend corrective and preventive measures.
Track and report on the resolution of audit, examination, and IT compliance monitoring issues.
Manage GRC security tools and software for monitoring and reporting.
Prepare reports and dashboards to communicate compliance performance to senior management and stakeholders.
Monitor and report on the status of risk remediation activities.
Support audits, inspections, and reviews conducted by regulators and external parties.
Carry out responsibilities in a manner consistent with our values and operating principles, in accordance with policy and applicable laws, and with a commitment to continuous improvement and process excellence.
Any other duties as assigned.

Key Deliverables:

Satisfactory audit results and regulatory examinations.
Timeliness and accuracy of risk assessments and reporting.
Satisfactory and timely resolution of compliance incidents.

Organizational Structure :

Reports to: EVP Chief Compliance Officer & Information Security Officer

Supervises: NA

Qualifications:

Education:

Bachelor's degree in Business Administration, Finance, Risk Management, Law, or a related field. Certifications such as CRISC, CISA, CISM, CISSP, or equivalent are preferred.

Required Knowledge/Skills:

2-4 years of experience in a GRC, compliance, IT risk management, or enterprise risk management role, preferably in the banking or financial services sector. Familiarity with banking regulations, the Interagency Information Security Standards, and cybersecurity frameworks (e.g., NIST CSF 2.0, NIST RMF, PCI DSS, FFIEC guidance, FDIC Part 364 Appendix B, GDPR, etc.). Strong analytical and problem-solving skills. Knowledge of risk assessment methodologies and compliance frameworks. Ability to manage multiple priorities and work collaboratively in a team environment.

Talents:

Proactive and analytical professional with a strong understanding of regulatory compliance in the banking sector. Strong positivity. Mission driven, competitive, goal oriented, and motivated to develop themselves and others. Energetic, resourceful, and able to apply the work intensity needed to get the work done. Strong people acumen and relationship skills; naturally predisposed to quickly establish positive personal and professional relationships.

Other:

Ability to interpret a variety of instructions furnished in written, oral, diagram, or schedule form. Must be able to lift up to 20 pounds.

TransPecos Banks will not accept unsolicited resumes from any source other than the candidate. We will consider any candidate for whom an Agency submits an unsolicited resume, to have been referred to us by the Agency free of any charges or fees, other than those agencies we engage on a specific search. TransPecos Banks will not pay a fee for any placement resulting from the receipt of an unsolicited resume.