What are the responsibilities and job description for the Technology Risk and Controls Analyst position at MidCountry Bank?
ABOUT CB SHARED SERVICES, INC.
CB Shared Services, Inc. (CBSSI) is a privately owned shared services company that provides information technology services for eight affiliated Minnesota community banks and their branch locations. CBSSI’s strategic intent is to provide strategy, enterprise architecture, regulatory compliance, and technology operations across all banking systems for each of the affiliate banks. Customer experience, thought leadership, collaboration, fiduciary responsibilities, and security as a mindset are how we deliver quality products and services to our customers.
OVERVIEW
As the Technology Risk and Control Analyst (TRC Analyst), you will play an integral role developing and implementing security policies, standards, procedures, and guidelines in alignment with the organization’s overall risk management strategy. This highly visible and critical work will include conducting risk assessments and audits to identify vulnerabilities and potential threats to the organization's information systems, networks, and data plus more. You will lead the charge on regular monitoring and reporting of compliance which is based on the organization’s established policies and procedures, as well as ensuring that all stakeholders are aware of potential risks and compliance requirements.
A hands-on and detail oriented TRC Analyst will also oversee the implementation of security controls and technologies to protect the organization's information assets, including data encryption, access controls, and intrusion detection and prevention systems; all while collaborating with internal and external stakeholders to develop incident response plans and procedures to ensure timely and effective response to security incidents. Your passion and skills will be centered around creating seamless experiences for our customers with emphasis on security while partnering with a top-notch team of Business Analysts, Infrastructure Engineers, and Service Desk Analysts. A successful TRC Analyst in this position will take a hands-on approach to Policy, Security and Risk Management within the IT department, thrive in a fast-paced environment, and possess a superb communication style!
KEY RESPONSIBILITIES
- Responsible for developing and implementing information security policies, standards, procedures, and guidelines in alignment with the organization's overall risk management strategy.
- Maintain an organized and comprehensive database of security documentation, including control matrices, test scripts, and supporting evidence.
- Assist with vendor management and contract review processes.
JOB REQUIREMENTS
Education:
- BS degree in computer science, information security, cybersecurity, or equivalent experience
Experience:
- Knowledge of NIST Cybersecurity Framework (preferred), CIS Controls, FFIEC, SOC2 Framework, and COBIT
- Proven experience (5 years) in information security within the financial technology industry or a similar domain.
- Experience in conducting control testing, documenting results, and maintaining supporting evidence.
- A proficient understanding of banking systems and industry regulations is highly desirable.
- Experience within Fiserv’s core banking platform.
Knowledge/Skills/Abilities:
- High level of curiosity in understanding the underlying business and the security threats we want to solve using technology.
- Strong negotiation, management, and decision-making skills
- Excellent analytical, problem-solving, and organizational skills
- Solid understanding of IT controls, risk management principles, and information security best practices.
- Understanding of security threat landscape and tools and processes to prevent, detect and respond to these threats.
- Strong analytical and problem-solving skills with a keen eye for detail.
- High ethical standards and the ability to handle confidential information with integrity and professionalism.
