LEAD IT RISK ANALYST

WHAT IS THE OPPORTUNITY?

The Lead IT Risk Controls Analyst is a subject-area specialist with specialized training, methods, and analytic techniques to create recommendations and directions for IT risk mitigation in a complex technical environment. As the Lead IT Risk Controls Analyst, you will be responsible for overseeing the ongoing compliance of requirements in alignment to City National Bank and regulatory requirements including, but not limited to, implementation of risk management policies and procedures to ensure that the organization's IT infrastructure and data remain secure and compliant with regulatory requirements. This role involves identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and supporting the organization's risk management strategy. Focus areas of compliance assessment by the Lead ITRC Analyst includes third party security and overall IT program effectiveness in mitigating risk. The Lead ITRC Analyst's goal is to create actionable information for IT and business leadership, and to provide objective assessments of risks for auditors, regulators, and external parties. This requires routinely authoring detailed reports and gathering metrics, ensuring stakeholders receive accurate and complete information. The Lead ITRC Analyst keeps abreast of industry trends, technologies and cyber risk management approaches, regulatory changes, and often collaborates with other teams on IT risk-related initiatives to provide subject-matter recommendations and guidance to achieve a posture within the bank's overall risk appetite. The Lead ITRC Analyst serves as an expert in their area of specialization. This role is a working lead that provides functional guidance and may coordinate or supervise the daily activities of individual contributors or working teams in areas of specialization. Provides input on resource planning, procedure creation and content. As the Lead ITRC Analyst, you will play a crucial role in safeguarding the digital assets and technological infrastructure of City National Bank. This position involves leading the development, implementation, and management of risk management practices that address the specific technical risks and regulatory requirements unique to the financial sector.

What you will do

• The role supports T&I in the creation of analytics & reporting to enhance senior management’s ability to anticipate and manage risks effectively.

• Manage the development and execution of first line risk management reporting including setting direction, goals and management awareness of risk and controls.

• Develop and execute on end-to-end change management of processes to gather and analyze relevant information.

• Leads the development and execution of processes to support the delivery of Risk Management reporting including the support of audience stakeholder groups.

• Lead analysis and documentation of information to support risk drivers & metrics.

• Assess risk within subject specialty area to evaluate the design and effectiveness of IT controls.

• Provide insight and guidance to IT software and hardware upgrades and other projects to ensure production environments meet and exceed minimum IT and security standards.

• Partner with external partners, vendors, law enforcement, and intelligence community as applicable to fulfill reporting and information sharing requirements, and collecting information required for comprehensive risk analysis and assessment.

• Create new and maintain process and procedural documentation for various risk analysis and risk assessment activities; Highlight industry-based methodologies, techniques, or standards (FAIR, NIST, FFIEC, etc.) used as the basis for analysis efforts.

• Publish routine, accurate risk analysis and assessment reports as defined by organizational risk policies and procedures to applicable audiences for each subject area discipline.

• Participate in other IT risk support projects and duties as needed or requested.

• Develop and implement a comprehensive IT risk management framework tailored to the needs of the banking/financial technology environment.

• Conduct thorough risk assessments to identify vulnerabilities and evaluate risk in the context of financial sector threats and compliance mandates.

• Work closely with IT, security, and compliance departments to align risk management strategies with business objectives and regulatory obligations.

• Monitor and report on the effectiveness of risk mitigation and the compliance of IT systems with internal requirements as well as established industry standards such as PCI-DSS, FFIEC, GLBA, etc.

• Develop and oversee a training program for employees on effective risk management and compliance requirements to foster a risk-aware culture.

• Stay abreast of emerging security threats, technologies, and potential impacts on the financial services industry.

• Develop and maintain a comprehensive IT risk management program to ensure the integrity, confidentiality, and availability of information owned, controlled, or processed by the organization.

• Conduct risk assessments to identify vulnerabilities, assess potential impacts, and determine appropriate measures to manage risks effectively.

• Collaborate with IT and security teams to implement risk mitigation strategies and solutions.

• Monitor and report on compliance with IT/security policies, as well as the effectiveness of the controls and requirements.

• Lead incident response initiatives and provide support for ongoing investigations of suspicious activities and potential breaches.

• Provide training and guidance to staff on information security and risk management practices.

• Stay informed about the latest control challenges and regulatory changes that may affect the organization.

Must-Have*

• Bachelor's Degree or equivalent

• Minimum of 12 years’ experience in Information/Cyber Security field

• Minimum of 7 years’ experience in cyber security operations, incident response, IT risk management or investigation

• Minimum 3 years’ experience managing or coordinating resources such as people or projects.

Skills and Knowledge

• Demonstrated experience analyzing complex Information Security data sets within subject area specialty.

• Demonstrated knowledge of Information Security landscape -- threats, trends, technologies

• Demonstrated knowledge of financial regulation and control frameworks applicable to cyber security or IT risk

• Excellent communication and interpersonal skills. Including a strong ability to create positive and professional business relationships with internal clients.

• Strong commitment to working as a team and providing excellent customer service.

• Exposure to banking or equivalent highly controlled technology environment is preferred.

• Master’s degree in business, computer science or related field preferred.

• Professional certifications (CPA, CISA, CISM, CISSP, GSEC, etc.) are highly desired.

• Demonstrated experience with Industry or subject specific analysis or assessment frameworks is highly desired (FAIR, NIST CSF, etc.).

• Experience in banking/financial industry is strongly preferred.

• Formalized training in cyber security analysis or assessment techniques.

• Big 4 experience is highly preferred.

• Proven experience in managing compliance with financial industry regulations and standards.

• Strong analytical skills to triage identified security vulnerabilities, risks, and design and implement effective mitigation strategies is preferred.

• Excellent communication skills, capable of effectively engaging and influencing various stakeholders from IT security technicians to executive management.

• Strong understanding of network infrastructure, database security, and data protection technologies is preferred.

• Experience with risk assessment tools, technologies, and methods.

• Familiarity with third party risk management and SOC reports.

• Minimum 2 years audit and assessment engagement management experience.

• Proficiency in creating and maintaining policies and compliance documentation.

• Familiarity with industry standards and frameworks such as ISO 27001, NIST, COBIT, and GDPR.

• Excellent communication, analytical, and organizational skills.

Compensation

Starting base salary: $111,408 - $189,738 per year. Exact compensation may vary based on skills, experience, and location. This job is eligible for bonus and/or commissions.

*To be considered for this position you must meet at least these basic qualifications

The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.

Benefits and Perks

At City National, we strive to be the best at whatever we do, including the benefits and perks we offer our colleagues. Get an inside look at our Benefits and Perks (https://image.emails.cnb.com/lib/fe5e15707c640c78771c/m/10/cbedd856-c2fc-491b-a625-3ab7a0fd9a65.pdf) .

INCLUSION AND EQUAL OPPORTUNITY EMPLOYMENT

City National Bank is an equal opportunity employer committed to diversity and inclusion. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other basis protected by law.

ABOUT CITY NATIONAL

We start with a basic premise: Business is personal. Since day one we've always gone further than the competition to help our clients, colleagues and community flourish. City National Bank was founded in 1954 by entrepreneurs for entrepreneurs and that legacy of integrity, community and unparalleled client relationships continues to drive phenomenal growth today. City National is a subsidiary of Royal Bank of Canada, one of North America’s leading diversified financial services companies.