Information Security Risk Specialist

About the Role:

The Information Security Risk Specialist plays a critical role in safeguarding an organization's information assets by identifying, assessing, and mitigating security risks. This position involves developing and implementing risk management strategies that align with business objectives and regulatory requirements. The specialist will collaborate with cross-functional teams to ensure security controls are effective and that risk exposure is minimized.The ideal candidate must have an understanding of current and emerging technological trends and be able to implement appropriate security controls. Also requires an awareness of IT standards, regulations, and laws affecting financial institutions. They are responsible for examining applications from new customers, requesting supportive and missing data and information, and working with other departments to classify data. 

Understanding the way the Bank operates and the various internal and external factors that may affect its performance and information security is vital to this role.  Strong communication skills are also necessary to communicate technological concepts and techniques in daily work. Analytical thinking skills are also crucial, as they must apply a high level of technical knowledge and skill while working in a fast-paced environment. This role also requires strong problem-solving skills and the ability to work independently to successfully perform the assigned tasks.  Must learn effective methods to manage risk and have the ability to analyze complex data, interpret laws, and represent management views. Good understanding of all risk-related issues and procedures relating to bank products and services.

Minimum Qualifications:

• Bachelor’s degree in Information Security, Computer Science, or a related field.
• At least 3 years of experience in information security risk management or a similar role.
• Strong understanding of risk assessment methodologies and information security frameworks such as NIST, ISO 27001, or CIS Controls.
• Familiarity with regulatory requirements such as GDPR, HIPAA, or SOX.
• Excellent analytical, communication, and problem-solving skills.

Preferred Qualifications:

• Professional certifications such as CISSP, CISM, CRISC, or equivalent.
• Experience with security governance, risk, and compliance (GRC) tools.
• Knowledge of cloud security risk management and emerging technologies.
• Experience working in a large enterprise or highly regulated industry.
• Advanced degree in cybersecurity, risk management, or business administration.

Responsibilities:

• Conduct comprehensive risk assessments to identify potential threats to information systems and data.
• Develop, implement, and maintain risk management frameworks and policies in accordance with industry standards and regulations.
• Collaborate with IT, compliance, and business teams to design and enforce security controls that mitigate identified risks.
• Monitor and report on risk metrics, security incidents, and compliance status to senior management and stakeholders.
• Stay current with evolving cybersecurity threats, vulnerabilities, and regulatory changes to update risk strategies accordingly.

Skills:

The Information Security Risk Specialist uses analytical skills daily to evaluate complex security risks and develop effective mitigation strategies. Communication skills are essential for collaborating with diverse teams and conveying risk findings to both technical and non-technical stakeholders. Proficiency with risk management frameworks and tools enables the specialist to implement structured and repeatable processes for assessing and managing risks. Knowledge of regulatory environments ensures that risk strategies comply with legal and industry standards. Additionally, staying informed about emerging threats and technologies allows the specialist to adapt risk management approaches proactively, maintaining a strong security posture.

Salary : $95,000 - $123,600