Triumph Financial
Senior Security Risk and Compliance Analyst
Triumph Financial, Dallas, Texas, United States, 75215
Join TriumphX!
TriumphX, a member of the Triumph Financial portfolio of brands, provides a concentration of technology and project management resources the members of the Triumph Financial portfolio of brands - TriumphPay, Triumph and TBK Bank - via a shared service model. We're looking for top tech and project management talent to analyze, recommend and build strategic solutions that support Triumph Financial's mission to become a world-class, market-leading financial and technology company.
Position Summary
The Senior Security Risk and Compliance Analyst is a highly respected, influential and in-demand role within the business. The position is responsible for supporting the security direction of the business and elevating the company's security posture. The analyst is expected to support the security strategy of the business within new and existing information system capabilities. Consequently, the position requires both an understanding of legacy systems, as well as new technologies and requirements. The analyst is also responsible for the planning and design of policies and maintenance. The Senior Security Risk and Compliance Analyst position reports to the VP, IT Risk & Compliance and assists in the building, support and maintenance of the GRC program. The analyst will engage in many facets of the information security and GRC programs while providing guidance and functioning as an experienced resource to control owners and business partners. The analyst will be given the ability to work with various teams to identify risks, deficiencies, create controls and report progress. The analyst should be someone who works well with others, leads, motivates others and has a passion for GRC. The ideal candidate is technical and possesses at least three years of experience in security, compliance or risk management. The role oversees the business' security requirements and obligations mandated by standards and regulations such as the Federal Financial Institutions Examination Council (FFIEC), Gramm-Leach-Bliley Act (GLBA), and Sarbanes-Oxley Act (SOX). In tandem with security leadership, the analyst consistently assesses and validates the assurance of the security program. As a primary point of contact for internal and external auditors, the analyst monitors progress and enforces resolution of outstanding issues that may lead to non-compliance or security threats to the business. As a key member of the security team, the analyst must focus on strong risk management and corporate resiliency, and not be driven solely by compliance. Essential Duties & Responsibilities
Assists in implementing, supporting and maintaining an effective and mature GRC program at Triumph.
Safeguards information system assets by identifying and solving potential and actual security and risk concerns
Protects systems by defining role and attribute-based access privileges, control structures, and resources
Engages with business partners and team members on risk and compliance issue identification and remediation processes
Conducts risk and compliance assessments of IT and Security standards.
Maintain strong oversight of third parties, vendors and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered
Explains security controls with clarity to business and technical users
Performs Control Self Assessments and communicates deficiencies to control owners and management.
Assists in the design, development and remediation of IT general controls
Manages exceptions to IT and security policies.
Prepares GRC metrics and effectively communicates this through Executive level presentation and reporting.
Coordinates External (SOX, SOC1, SOC2, client and other regulatory) audits and Internal audits
Upgrades cyber security program and capabilities by implementing and maintaining security controls
Provides documentation and evidence to respond to audits
Contributes to team objectives
Experience & Education
Bachelor's degree in Information Security, Information Systems, Computer Science, or equivalent work experience
3+ years of prior relevant IT risk, IT security and/or IT audit experience
CISA, CISM, CRISC, or CISSP certification preferred
CIS 2.0 security and NIST 800-53 framework controls
FFIEC Cyber Assessment Tool (CAT)
Experience and understanding of various regulatory requirements and laws, including but not limited to FFIEC, SOX, and GLBA. Additional experience in one or more of the following: SOC1, SOC2, ISO 27001/2, CIS or NIST 800-53.
Skills & Abilities Required
Ability to function with limited supervision
Strong interpersonal skills.
Quality written and oral communication, and presentation skills.
Critical thinking and problem-solving skills.
Attention to detail, patience and flexibility
Commitment to operational excellence and continuous process improvement.
Strategic project management and oversight of milestones and deliverables.
Strong knowledge of IT general controls
SOC Reports (SOC1/SOC2) Type I and II
Bank Federal and State Compliance regulations
Strong knowledge of Cybersecurity and its relation to IT deployment and implementations
Agile methodology
Knowledge of Risk, Compliance and Cyber Frameworks, such as, NIST 800-53, CIS, COSO, SANS, ISO, COBIT, ITIL
IT and security policy, standards and procedures creation and maintenance
Identity Access Management and Privileged Access Management (IAM and PAM)
Role and attribute-based access controls (RBAC and ABAC)
Willingness to expand and apply security knowledge, skills, and abilities to department initiatives.
Work Environment
The work environment characteristics described here maybe encountered while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Moderate noise (i.e. business office with computers, phone, and printers, light traffic).
Ability to work in a confined area.
Ability to sit at a computer terminal for an extended period of time. Occasional stooping or kneeling may be necessary.
While performing the duties of this job, the employee is regularly required to stand, sit, talk, hear and use hands and fingers to operate a computer keyboard and telephone.
Specific vision abilities are required by this job due to computer work.
Light to moderate lifting is required.
Regular, predictable attendance is required.
#LI-JH1 We offer Medical, Dental, Vision, Paid Time Off, 401k and much more. Go on. Do it. Apply Today!
The Senior Security Risk and Compliance Analyst is a highly respected, influential and in-demand role within the business. The position is responsible for supporting the security direction of the business and elevating the company's security posture. The analyst is expected to support the security strategy of the business within new and existing information system capabilities. Consequently, the position requires both an understanding of legacy systems, as well as new technologies and requirements. The analyst is also responsible for the planning and design of policies and maintenance. The Senior Security Risk and Compliance Analyst position reports to the VP, IT Risk & Compliance and assists in the building, support and maintenance of the GRC program. The analyst will engage in many facets of the information security and GRC programs while providing guidance and functioning as an experienced resource to control owners and business partners. The analyst will be given the ability to work with various teams to identify risks, deficiencies, create controls and report progress. The analyst should be someone who works well with others, leads, motivates others and has a passion for GRC. The ideal candidate is technical and possesses at least three years of experience in security, compliance or risk management. The role oversees the business' security requirements and obligations mandated by standards and regulations such as the Federal Financial Institutions Examination Council (FFIEC), Gramm-Leach-Bliley Act (GLBA), and Sarbanes-Oxley Act (SOX). In tandem with security leadership, the analyst consistently assesses and validates the assurance of the security program. As a primary point of contact for internal and external auditors, the analyst monitors progress and enforces resolution of outstanding issues that may lead to non-compliance or security threats to the business. As a key member of the security team, the analyst must focus on strong risk management and corporate resiliency, and not be driven solely by compliance. Essential Duties & Responsibilities
Assists in implementing, supporting and maintaining an effective and mature GRC program at Triumph.
Safeguards information system assets by identifying and solving potential and actual security and risk concerns
Protects systems by defining role and attribute-based access privileges, control structures, and resources
Engages with business partners and team members on risk and compliance issue identification and remediation processes
Conducts risk and compliance assessments of IT and Security standards.
Maintain strong oversight of third parties, vendors and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered
Explains security controls with clarity to business and technical users
Performs Control Self Assessments and communicates deficiencies to control owners and management.
Assists in the design, development and remediation of IT general controls
Manages exceptions to IT and security policies.
Prepares GRC metrics and effectively communicates this through Executive level presentation and reporting.
Coordinates External (SOX, SOC1, SOC2, client and other regulatory) audits and Internal audits
Upgrades cyber security program and capabilities by implementing and maintaining security controls
Provides documentation and evidence to respond to audits
Contributes to team objectives
Experience & Education
Bachelor's degree in Information Security, Information Systems, Computer Science, or equivalent work experience
3+ years of prior relevant IT risk, IT security and/or IT audit experience
CISA, CISM, CRISC, or CISSP certification preferred
CIS 2.0 security and NIST 800-53 framework controls
FFIEC Cyber Assessment Tool (CAT)
Experience and understanding of various regulatory requirements and laws, including but not limited to FFIEC, SOX, and GLBA. Additional experience in one or more of the following: SOC1, SOC2, ISO 27001/2, CIS or NIST 800-53.
Skills & Abilities Required
Ability to function with limited supervision
Strong interpersonal skills.
Quality written and oral communication, and presentation skills.
Critical thinking and problem-solving skills.
Attention to detail, patience and flexibility
Commitment to operational excellence and continuous process improvement.
Strategic project management and oversight of milestones and deliverables.
Strong knowledge of IT general controls
SOC Reports (SOC1/SOC2) Type I and II
Bank Federal and State Compliance regulations
Strong knowledge of Cybersecurity and its relation to IT deployment and implementations
Agile methodology
Knowledge of Risk, Compliance and Cyber Frameworks, such as, NIST 800-53, CIS, COSO, SANS, ISO, COBIT, ITIL
IT and security policy, standards and procedures creation and maintenance
Identity Access Management and Privileged Access Management (IAM and PAM)
Role and attribute-based access controls (RBAC and ABAC)
Willingness to expand and apply security knowledge, skills, and abilities to department initiatives.
Work Environment
The work environment characteristics described here maybe encountered while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Moderate noise (i.e. business office with computers, phone, and printers, light traffic).
Ability to work in a confined area.
Ability to sit at a computer terminal for an extended period of time. Occasional stooping or kneeling may be necessary.
While performing the duties of this job, the employee is regularly required to stand, sit, talk, hear and use hands and fingers to operate a computer keyboard and telephone.
Specific vision abilities are required by this job due to computer work.
Light to moderate lifting is required.
Regular, predictable attendance is required.
#LI-JH1 We offer Medical, Dental, Vision, Paid Time Off, 401k and much more. Go on. Do it. Apply Today!