Information Security Senior Analyst

Hilltop Holdings is looking for a Information Security Senior Analyst! Reporting to the Information Security Risk Director, the Information Security (IS) Senior Analyst is a critical second line of defense role driving Hilltop Holdings to understand, implement and regularly validate compliance to information technology and information security control and risk management practices that meet regulatory, contractual and company policy obligations. This position will ensure the implementation and operation of the information technology and information security control and risk management function while shaping the processes, practices and establishing the controls and compliance culture. This position will support the GRC Governance, Third Party Risk and Compliance processes, manage risk, ensure critical controls are implemented and operating effectively, and ultimately help reduce corporate Technology & Operations department, corporate and Line of Business risk.

The Information Security Senior Analyst is a key member of the Information Security Risk team. This team is responsible for the risk assessment, planning and evaluation of IT general controls, SOX controls and reporting, and NIST 800-53 controls including execution of the annual cyber risk assessment of the Information Security Program and implementing and maintaining the Information Security risk register. The position provides broad exposure to various levels of management, including senior leaders in Internal Audit, Finance, Human Resources, Marketing/Sales, Vendor Risk Management, Information Security, Information Technology, and Legal along with Line of Business senior leaders.

The Information Security Senior Analyst will manage day-to-day efforts of the GRC Controls and Risk team. Activities will include the evaluation of findings, providing recommendations to Technology leaders and, assisting in remediation planning and tracking, supporting definition of GRC automation needs including reporting requirements, maintaining the control framework (library, applicability and control plan updates), leading control assurance testing, regularly interacting with control owners and assisting in compliance awareness efforts while supporting compliance obligations as required.

Responsibilities

• Leading the ITGC controls testing in alignment with company, customer, and regulatory obligations
• Provide guidance and oversite to control owners in handling audit findings and remediation, compliance, controls, assurance testing plans, testing results and overall challenges
• Ensure control testing deficiencies are properly documented with action plans implemented for timely remediation.
• Identify and prioritize improvements in control and risk processes, including automation vs manual processes
• Provide support in determining training/education needs (based on interaction with control plan owners)
• Support the ongoing evaluation of cybersecurity capabilities to determine the maturity and effectiveness of capability implementation using various cybersecurity and IT Risk frameworks (NIST, ISO, COBIT, CIS, etc.).
• Collaborate with stakeholders and internal business partners to assess cyber risk and evaluate the design and effectiveness of cybersecurity controls within the line of business. Lead staff interviews, evidence collection, and surveys (where applicable), review business process descriptions, analyze business and workflow.
• Aggregate and evaluate risks, develop and maintain a risk register, perform risk analysis and quantification to enumerate top risks and provide risk reporting
• Maintain strong knowledge of the regulatory requirements and core cyber security and risk practices/standards by participating in professional associations, attending educational workshops, reviewing professional publications, and self-learning opportunities.
• Participate in risk and other management forums and contribute to continuous improvement of cyber risk practices
  
  
  

Qualifications

• Minimum BA/BS or equivalent work experience in audit, security assurance, management information systems or a related field preferred
• Work experience in GRC areas preferred (e.g. risk management, compliance & regulation, controls automation, continuous controls monitoring and security)
• 5 years of governance risk and compliance (GRC) or related security experience
• Ability to manage projects across multiple teams or groups (strong organization skills)
• Strong attention to detail in evaluating the completion of various project phases
• Ability to prioritize assigned work and complete activities in a timely manner
• Excellent written and oral communication skills, and the ability to clearly communicate requirements to a wide range of individuals
• Ability to work independently and in a team environment
• Proficiency with AuditBoard (Optro) (preferred)
• Proficiency with Word, Excel, and PowerPoint (required)
• Pursue opportunities to develop existing and new skills outside of comfort zone
• Focus on building trusted relationship
• Industry relevant certification (CISA, CRISC, Etc.) within one year
  
  
  

The above statements are intended to describe the general nature and level of work being performed by individuals in, or assigned to, the above position and are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required, and may be changed at the discretion of the Company.

About Us

Founded in 1998 and headquartered in Dallas, Texas, Hilltop Holdings offers a diverse range of financial services through its three primary subsidiaries, PlainsCapital Bank, PrimeLending, and HilltopSecurities. PlainsCapital Bank is a leading commercial bank with locations throughout Texas. PrimeLending is a national mortgage provider focused on purchase mortgage originations. HilltopSecurities provides financial advisory, clearing, retail brokerage, and other investment banking services. Hilltop Holdings seeks to build the premier Texas-based diversified financial services holding company through acquisitions and organic growth. To learn more, please visit www.hilltop.com .

About The Team

The Information Technology department at Hilltop Holdings is a forward-thinking team dedicated to delivering innovative technological solutions that drive success in the financial services industry. Our department leverages cutting-edge technologies to enhance operational efficiency, customer experiences, and ensure the security and integrity of our systems and data. We are committed to staying at the forefront of technological advancements, constantly exploring new opportunities in emerging trends. Our team fosters a collaborative and respectful work environment. We empower our talented professionals to develop creative solutions and drive digital transformation across the organization. With a strong focus on agility and adaptability, our department is instrumental in enabling Hilltop to stay ahead of the curve in an ever-evolving digital landscape.