GRC Security Analyst @ Amalgamated Bank | Jobright.ai
GRC Security Analyst jobs in New York, NY

Amalgamated Bank · 4 days ago

GRC Security Analyst

Banking


Responsibilities

Conduct enterprise-wide, ongoing risk analysis in tandem with compliance and security.
Manage a comprehensive risk register within a GRC-related platform.
Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency, and compliance frameworks.
Document, formulate, and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
Maintain strong oversight of third parties, vendors, and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.
Analyze findings, and document, recommend, and report program gaps to security leadership.
Assist in the development of Policy, Procedures, and Standards. Build and maintain a central IS documentation repository with periodic review/update as needed.
Monitor current and proposed security changes impacting regulatory, privacy, and security industry best practice guidance. Apply GRC expertise across key lines of business, including products, practices, and procedures.
Define qualitative and quantitative metrics to assess the success of the security program and provide regular reports to security and business leadership.
Ensure security and technology teams maintain up-to-date configuration documentation for systems and processes. Maintain rigorous oversight of security systems and security configuration administration to reduce risk to enterprise systems and accounts.
Act as a key participant in incident response to track occurrence and resolution, with strict documentation and reporting.
Work in tandem with security, audit, and risk management leadership to perform ongoing security program assessments and create annual strategic technology and budgetary directives.
Attend and fully engage in change and project management meetings.
Liaise with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.
Act as a point of contact for disaster recovery and business continuity as it relates to security frameworks, compliance, and privacy laws.
Perform other duties as assigned.

Qualification

Cybersecurity, Security frameworks, Business acumen, Compliance, Regulatory requirements, PCI, SOX, HIPAA, GDPR, GLBA, ISO 27001/2, ITIL, NIST, Cloud computing, DevOps, Application security, Incident response, System configuration, Vulnerability management, Hardening guidelines, CISSP, CRISC, CGEIT, GRCP, Problem-solving, Communication, Adaptability, Integrity, Trustworthiness, Cloud Environments AWS

Required

Bachelor’s degree in computer science, information assurance, MIS or related field, or equivalent industry experience.
At least 5+ years’ experience in cybersecurity as a practitioner, with at least 2 to 3+ years’ exposure to various security frameworks.
Strong business acumen and security technology skills for well-rounded proficiency, as well as proven ability to align with security practices and compliance responsibilities.
Experience and understanding of various regulatory requirements and laws, including but not limited to PCI, SOX, HIPAA, GDPR and GLBA. Additional experience in one or more of the following: ISO 27001/2, ITIL or NIST.
Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business.
Capacity to understand legacy and progressive technology and security controls along with respective risk. Working knowledge of technologies such as cloud computing, DevOps and application security is required.
Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management and hardening guidelines.
Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
Highly trustworthy; leads by example.
Holds or is working toward one or more of the following: CISSP, CRISC, CGEIT or GRCP.

Preferred

Prior team leadership experience preferred.
Preferred experience with cloud environments such as Amazon Web Services (AWS) and Microsoft Azure.
Prior experience with leading GRC systems from vendors such as RSA, MetricStream and IBM.
Familiarity with state, federal and international privacy laws.

Company

Amalgamated Bank

For nearly a century, Amalgamated Bank has been America’s Socially Responsible bank supporting thousands of people, organizations, causes and businesses.

Funding

Current Stage
Growth Stage

Leadership Team

Keith Mestrich
Retired President and CEO
Sam Brown
Senior Executive Vice President, Chief Banking Officer
Company data provided by crunchbase