ERM IT Senior Analyst

Western Alliance Bank • Grove City, OH, United States • $200k - $250k / year • 1d ago

Western Alliance Bank ERM IT Senior Analyst - Grove City, Ohio

Job Title: ERM IT Senior Analyst
Location: CityScape

What you'll do: Western Alliance Bank Corporation is currently seeking a highly qualified and experienced Second Line of Defense Technology (IT) and Information Security (IS) Senior Analyst to join our IT/IS and TPRM risk management team. The successful candidate will support IT/IS risk management functions, including reviewing first line controls for completeness, assisting with targeted risk assessments, issue management, and risk reporting in technology and cybersecurity. This position offers an exciting opportunity to contribute to the bank's risk management framework and play a key role in safeguarding our institution against technology, information security, and third-party risks.

Responsibilities:

Monitor external industry trends and regulatory changes that may impact areas of risk oversight (Technology and Information Security).
Assist in the management of Penetration Testing and Physical Security testing with external vendors.
Create framework and communications for internal stakeholders, manage vendor deliverables for testing activities, finalize reporting, and manage issues identified through the testing process.
Reporting of internal metrics for IT/IS.
Perform Targeted Assessments of first line functions, including research frameworks, regulatory guidance, and trends in technology and information security.
Review and challenge first line Information Security and Technology functions, including the Cyber Risk Institute's Cyber Profile, first line policy and standards, Key Risk Indicators, and regulatory responses.
Support the risk and control inventory review for first line technology and information security functions.
Support issues from identification through review and validation for closure.
Develop, document, and support department standards and processes.
Engage with appropriate first, second, and third-line stakeholders to ensure effective communication and coordination between the three lines of defense.

Qualifications:

Bachelor's degree and 10+ years of experience with Finance, Risk Management, Cybersecurity, Computer Science, or a related field; Master's degree preferred.
Minimum of 5 years' experience with Information Security and/or Information Technology first line or second line functions.
In-depth knowledge of information security and technology principles in a highly regulated environment.
Background in creating and presenting to different levels and audiences across an organization.
Understanding of risk management practices, including risk definitions, development of controls, and issue management.
Strong ability to analyze processes and data for trending and recommend enhancements.
Effective communication skills with a demonstrated ability to engage, influence, and drive collaboration across stakeholders.
High degree of organization, individual initiative, and personal accountability in a fast-paced environment.
Knowledge of regulatory guidance for Third-Party, Technology, and/or Cybersecurity functions.
Knowledge of external frameworks for technology and/or cybersecurity (NIST, ITIL, COBIT, Shared Assessments, etc.).
Understanding of risk management principles in a highly regulated organization.
High level of speaking and writing skills.
Proficiency in risk management tools and systems, as well as advanced proficiency in Microsoft Office Suite, particularly Word, Excel, and PowerPoint.
Professional certification in Project Management, Technology, and/or Cybersecurity is preferred.