Risk Analyst -IT

<strong>As a healthy, growing and thriving bank, we offer employees everything they need to flourish in the world of banking. That&rsquo;s because we strongly believe our people are our strongest assets. From advancement opportunities to employee development, we invest in our people to be the best they can be.<br /><br /></strong>Member FDIC&nbsp; |&nbsp; Equal Housing Lender&nbsp;

Troy, MI

Chemical Bank

<p><strong>Since 1917, Chemical Bank&rsquo;s home town approach to banking has been focused on community banking, highlighted by local leadership and decision making, a devotion to community and personalized service. We pride ourselves on being an Equal Opportunity Employer.<br /><br />As a Chemical Banker, you will join other professionals who share our community banking philosophy of making a positive impact where we live, work and play. You will be a part of a growing community bank that believes in the dreams of its customers and employees alike. With Chemical Bank, you will make a difference in your community while enjoying excellent benefits and top career opportunities. Visit our&nbsp;<a href="https://www.chemicalbank.com/careers/">Careers Page</a>&nbsp;for more information.<br /><br /></strong></p> <p class="p1">Member FDIC &nbsp;<span class="s1">|</span>&nbsp; Equal Housing Lender</p> <p class="p2">&nbsp;</p> https://www.chemicalbank.com/

keywords: risk management,support,risk management,analysis,security,performance,consulting,management,experience,communication,degree,knowledge,assign

Full-Time

Competitive Compensation and Benefits Package

Overview: Focus&nbsp;on risk assessment management to protect the information assets of the bank and support the information technology governance policies and processes, compliance, information security, change control and business continuity plans, utilizing&nbsp;knowledge of industry best practices, policies and good judgment in assessing controls, identifying weakness and tracking through remediation, in support of Talmer,&nbsp;regulatory and compliance information security requirements.&nbsp;The IT Risk Analyst will actively work with business partners to ensure a solid IT governance framework.
Responsibilities: <ul> <li>Ensure strategic objectives of the IT risk management program are met including the execution of risk assessment activities, coordination of risk response and program testing and validation.</li> <li>Assist in the investigation of security breaches, or potential breaches, and assist where required.</li> <li>Assist with vulnerability testing and participate in security configuration determinations.</li> <li>Investigate suspicious activity until resolution, collaborating with other IT associates to identify and remediate the issue.</li> <li>Review, update previously created risk assessments of Talmer processes, systems and programs recommending enhancements where identified.</li> <li>Perform annual risk assessments related to VOIP, and Virtualization, as well as others identified, identifying potential issues, control gaps, and potential process efficiencies.</li> <li>Track weaknesses/findings identified through the risk assessment process to completion to identify adherence with the agreed upon remediation schedules.</li> <li>Assist in the facilitation of audits conducted by third party and internal auditors.</li> <li>Documents risk analysis and controls and evaluates control design and continuous control improvement</li> <li>Work with Human Resources to enhance the BAI online Information Security training, as well assist the Information Security Manager in expanding ongoing security awareness training.</li> <li>Where required, assist the Information Security Analyst in perform routine security monitoring tasks.</li> <li>Work with the various Security team members, IT infrastructure, network and /or operations teams, to ensure an understanding of the implemented technologies, as well as business area reliance.</li> <li>Assist the Risk Analyst in evaluating the results of identified risk assessments, advise management of potential security issues, and propose remediation solutions.</li> <li>Partner/Interfaces with user and IT community to understand business needs, as well as mitigating controls in place to address the risks identified as part of each risk assessment.</li> <li>Provide assistance in identifying risk(s) and associated controls required for ongoing processes, as well as proposed projects.</li> <li>Assist in the investigation of security breaches or potential breaches where required.</li> <li>Produce metrics reports on risk management initiatives.</li> <li>Work with Information Security Manager to provide compliance and/or audit management evidence as required.</li> <li>Evaluate newly proposed security policies, partnering with IT and other business areas to identify the associated risks to comply and provide recommendations to management.</li> <li>Identify opportunities to improve workflow and understand and quantify business impacts of those improvements for communication to management.</li> <li>Advise management on industry developments in business practice, technology, security issues and legislation that impact the company&rsquo;s security policy.</li> <li>Experience in Data Loss Prevention (DLP) a plus.</li> <li>Perform other Information Security Management activities as assigned.</li> </ul>
Requirements: <ul> <li>Bachelor&rsquo;s Degree in Business, IT or related field or equivalent work experience; CISA a plus.</li> <li style="font-family: 'Calibri','sans-serif'; font-size: 11pt;">Minimum of 3 &ndash; 5 years of IT experience, preferably with 2-3 years in information security/IT assurance and/or IT compliance/audit.</li> <li style="font-family: 'Calibri','sans-serif'; font-size: 11pt;">Previous banking experienced preferred.</li> <li style="font-family: 'Calibri','sans-serif'; font-size: 11pt;">Ability to manage deadlines. Either achieve all deadlines or set appropriate expectations in advance.</li> <li style="font-family: 'Calibri','sans-serif'; font-size: 11pt;">Possess knowledge and understanding of a breadth of information technologies and information security topics.</li> <li style="font-family: 'Calibri','sans-serif'; font-size: 11pt;">Demonstrated ability in the development of solutions and/or mitigations related to security vulnerabilities.</li> <li style="font-family: 'Calibri','sans-serif'; font-size: 11pt;">Experience in FIS solutions, business continuity software and banking applications preferred. Active Directory, Database, SQL knowledge is a plus.</li> <li style="font-family: 'Calibri','sans-serif'; font-size: 11pt;">Strong written and verbal communication with solid presentation skills and are a must.</li> <li style="font-family: 'Calibri','sans-serif'; font-size: 11pt;">Excellent analytical ability, and planning/organization skills. Self-motivated to carry out assignments with minimal supervision and collaborate well with others.</li> </ul> <p style="margin: 0in 0in 0pt;">&nbsp;</p> <p style="margin: 0in 0in 0pt;"><strong><span style="font-family: 'Calibri','sans-serif'; font-size: 11pt;">General Working Conditions:</span></strong></p> <p style="margin: 0in 0in 0pt;"><span style="font-family: 'Calibri','sans-serif'; font-size: 11pt;">While performing the duties of this job, the employee is required to communicate effectively with other, sit, stand, walk, and use hands to handle keyboard, telephone, paper, files, and other equipment and objects. The employee is occasionally required to reach with hands and arms. This position requires the ability to review detailed documents and read computer screens. The employee will occasionally lift and/or move up to 10 pounds. The work environment requires appropriate interaction with others. The noise level in the work environment is moderate. </span></p> <p style="margin: 0in 0in 0pt;">&nbsp;</p> <p style="margin: 0in 0in 0pt;"><span style="font-family: 'Calibri','sans-serif'; font-size: 9pt;">This classification description is intended to indicate the general kinds of tasks and levels of work difficulty that are required of positions given this title and should not be construed as declaring what the specific duties and responsibilities of any particular position shall be. It is not intended to limit or in any way modify the right of any supervisor to assign, direct and control the work of the employees under her/his supervision. The use of a particular expression or illustration describing duties shall not exclude other duties not mentioned that are of a similar kind or level of difficulty.</span></p>