What are the responsibilities and job description for the IT Governance Risk & Compliance Analyst I, II or III position at Bankers Trust Company?
There are important qualities you look for in an employer – meaningful work, community engagement, competitive benefits, commitment to employee development, and so many more. At Bankers Trust, our team members experience an inclusive and community-focused culture, and we’re proud of the premier workplace we’ve created. We regularly receive best-in-class results through our biennial employee engagement survey. We’re also proud to receive recognition from others, including our designation as a “Best Place for Working Parents®,” being a four-time recipient of the Greater Des Moines Partnership’s Inclusion Award, and being named one of the “Best Businesses Supporting Local Charity” by readers of the Business Record.
Job Summary:
The IT Governance Risk and Compliance (GRC) Analyst will review documentation, audit findings, applicable regulatory requirements and industry best practices to identify compliance concerns and gaps. This position will review vulnerability data, create metrics from it, and work with other technology areas to identify best practices for remediating identified issues. The position will identify and assess cybersecurity risks and verify any strategies to mitigate those risks.
This position will be hired as a GRC I, II or III depending on experience.
Primary Functions and/or Responsibilities:
- Develops and maintains documentation supporting current regulatory and cybersecurity framework requirements while meeting business objectives
- Researches and applies knowledge of controls, threats, vulnerabilities, risk, and technical systems to assist with technology planning and roadmaps to harden systems and close vulnerabilities. Researches and analyzes business trends and behavioral data to identify opportunities for improvements and new initiatives.
- Develops an understanding of the network and security infrastructure, systems, and tools to improve security strategies relative to the vision of the business while meeting compliance obligations by evaluating cyber security threats, risk, vulnerabilities, and processes to determine relative risk to the product, system, and organization.
- Collaborates with cross-functional teams and external partners to understand cybersecurity posture, focusing on compliance and risk reduction.
- Researches and recommends security controls for current and emerging technologies to be utilized by business units.
- Reviews previous audits and audit findings to streamline cybersecurity and technology controls to meet intent of findings.
- Manages, maintains and updates the list of approved products in use by business units while maintaining a list of compliance metrics and corrective actions.
- Assists Identity Access Management team with compliance reviews, monthly and annual audits.
- Reviews and maintains vulnerability metric information identifying tolerance levels and method of correction or risk acceptance for out of tolerance; completes research to help determine best course of action for vulnerabilities.
- Reviews current and ongoing projects for cybersecurity concerns, IT risk and compliance concerns; identifies resources needed to assist projects in meeting cybersecurity requirements without slowing project velocity.
- Manages and maintains current artifact list and sources for current and future audits.
- Performs other duties as assigned
Education and/or Experience:
- GRC I:
  - Four-year college degree in a related field preferred OR an equivalent combination of education and experience
  - Experience in cyber threat and vulnerability analysis and remediation
  - Experience involving internal and external penetration testing, and application testing
  - Information Security Certification (CISSP, GSEC, CISA, CCSK, Security+ etc.) or other related security certification is highly desired
  - Prior working experience in a regulated industry is preferred
  - Experience with SCCM/MECM or other patching utilities
  - Experience with Microsoft Active Directory, Group Policy Objects, Microsoft 365, Microsoft Azure, Intune
  - Experience with various IT roles beyond Cybersecurity, cloud architectures and vendor management is preferred
  - 2 years of experience in any of the following security and control frameworks is preferred: NIST Cybersecurity Framework, CRI Profile, CIS, NIST, FFIEC IT Examination Handbook, MITRE ATT&CK or COBIT
- GRC II:
  - Four-year degree in Computer Science or equivalent required
  - At least six years of experience working with highly available enterprise systems which include various aspects of Compute, Storage, and Backup components
  - Experience in cyber threat and vulnerability analysis and remediation
  - Information Security Certification (CISSP, CISA, CCSK, GISP etc.) or other related security certification is highly desired
  - Prior working experience in a regulated industry is preferred
  - Experience on project teams as collaborator, contributor and/or lead; project management certifications desired
  - Experience with SCCM/MECM or other patching utilities
  - Experience with Microsoft Active Directory, Group Policy Objects, Microsoft 365, Microsoft Azure, Intune
  - Experience with various IT roles beyond Cybersecurity, cloud architectures and vendor management is preferred
  - 5 years of experience in any of the following security and control frameworks is preferred: NIST Cybersecurity Framework, CRI Profile, CIS, NIST, FFIEC IT Examination Handbook, MITRE ATT&CK or COBIT
- GRC III:
  - Four-year degree in Computer Science or equivalent required
  - At least eight years of experience working with highly available enterprise systems which include various aspects of Compute, Storage, and Backup components
  - Experience in cyber threat and vulnerability analysis and remediation
  - Information Security Certification (CISSP, CISA, CCSK, GISP etc.) or other related security certification is highly desired
  - Prior working experience in a regulated industry is preferred
  - Experience on project teams as collaborator, contributor and/or lead; project management certifications desired
  - Experience with SCCM/MECM or other patching utilities
  - Experience with Microsoft Active Directory, Group Policy Objects, Microsoft 365, Microsoft Azure, Intune
  - Experience with various IT roles beyond Cybersecurity, cloud architectures and vendor management is preferred
  - 5 years of experience in any of the following security and control frameworks is preferred: NIST Cybersecurity Framework, CRI Profile, CIS, NIST, FFIEC IT Examination Handbook, MITRE ATT&CK or COBIT
Specific Skills, Knowledge & Abilities:
- Knowledge of Banking or Financial Institution regulatory requirements helpful
- Ability to work in a fast-paced, highly visible, changing environment
- Ability to interpret, understand, and communicate real business risks in relation to technology risks
- Strong security awareness and knowledge
- Ability to manage multiple topics and demands concurrently
- Working knowledge of IT processes (e.g., ITIL), including incident, problem, defect, change and release management
- Working knowledge of Microsoft Power Platform
Hiring Salary Range
The hiring range below reflects targeted base salary. Actual compensation will be determined based on the candidate’s prior related experience and education and will be finalized at the time of offer. In addition to base salary, most positions are also eligible to participate in our annual bonus program. Select positions may also be eligible to earn incentives and/or commissions. Hiring Salary Range: GRC III $88,000 - $104,500; GRC II $76,000 - $91,000; GRC I $66,000 - $78,000
Benefits
- Group Health, Dental, and Vision Insurance
- Generous Paid Time Off (PTO)
- Volunteer Time Off (VTO)
- 401(k) plan with lucrative company match
- Tuition assistance
- Company Paid Life Insurance
- Paid Parental Leave
- Lifestyle Accounts that provide employees with reimbursement for the things that are most important to them such as childcare, student loan payments, gym memberships, pet insurance and much more.
- Team Member Banking - a suite of products and services with special benefits for employees
Hybrid Eligibility: Position may be eligible for a hybrid work schedule (requiring some days in the office each week).
EQUAL OPPORTUNITY EMPLOYER
“PROTECTED VETERANS” AND “INDIVIDUAL WITH DISABILITY”
Salary: $88,000 - $104,500