What are the responsibilities and job description for the Info Security GRC Analyst Strat Partnership position at TAB Bank?
The GRC Analyst helps TAB provide access to financial success for everyone by assisting the Information Security and Strategic Partnerships teams to protect customer information. This role focuses on working with prospective, new, and existing fintech partners to assess, track, and improve security issues related to consumer and commercial private-label or bank card products.
Essential Duties and Responsibilities:
- Review program managers, vendors, and 3rd parties’ security posture – review and evaluate SOC2 reports, policies, procedures, assessments, and other evidence as needed to help TAB protect our customer data.
- Develop routine reports in accordance with GRC and Strategic Partnership metrics.
- Coordinate and track improvement actions from multiple partners, escalating areas of concern appropriately.
- Participate in periodic, risk-based targeted and annual site visits to review and assess adherence to security programs. Write and present results of visits to bank committees.
- Periodic travel required, no more than 25%.
- Provide feedback and direction on the vendor evaluation process – are we asking the right questions at the right time to our program managers?
- Implement and improve the risk management function of the information security program to ensure risks are identified, monitored, and aligned with business risk tolerance.
- Work with internal and external auditors, FDIC examiners and outside consultants as appropriate on security assessments and audits.
- Other duties as assigned.
Required education and experience:
- At least one professional security certification.
- Act with integrity, take pride in your work, seek to excel, be curious, adaptable, and communicate well.
Preferred education and experience:
- College diploma or university degree, 1-3 years of GRC work experience preferred.
- Professional certifications such as CISSP, CRISC, CISA, CISM, PCI etc. highly valued.
- Knowledge of information security risk management frameworks and compliance practices.
- Experience evaluating vendor security posture and developing monitoring and action plans for 3rd parties who need improvements.
- Ability to assess security standards and guidelines based on best practices and industry standards.
- Understanding of common security standards and regulations relating to a banking environment (FDIC, FFIEC, PCI, etc.).
Competencies:
- Skills in documenting risk and compliance activities.
- Familiarity with ISMS and security frameworks, particularly NIST, PCI and CIS.
- Performing Third Party Risk Assessments for new and existing vendor tools, on premise implementations, and third parties with access to the environment.
- Must have a basic understanding of information technology industry trends and emerging technologies and an ability to relate them to the company and its objectives.
- Good communication skills including both technical and business writing, documentation, and presentation skills.
- Ability to interpret and translate business requirements into technical security requirements that meet enterprise security standards and policies.
- Critical thinking skills and the ability to solve problems as they arise.
TAB Bank Offers:
- Onsite Gym
- Tuition Reimbursement
- Paid Holidays
- Gym Reimbursement
- College Scholarships for Employees and Families
- 401(k)
- Paid Time Off (PTO)
- Employee Assistance Program (EAP)
- I Made the Grade
- Holiday Club Program
- Medical, Dental, Vision, Life and AD&D, Voluntary Disability, Flex Spending & Dependent Care
TAB Bank will not sponsor applicants for work visas.