Apply on Employer Site

TAB Bank · 2 months ago

Info Security GRC Analyst Strat Partnership

Ogden, UT

Full-time

Onsite

Entry, Mid Level

1+ years exp

TAB Bank is focused on providing access to financial success for everyone, and they are seeking an Info Security GRC Analyst to assist the Information Security and Strategic Partnerships teams in protecting customer information. This role involves working with fintech partners to assess and improve security issues related to banking products.

BankingFinanceFinancial ServicesFinTech

Growth Opportunities

No H1B

Responsibilities

Review program managers, vendors, and 3rd parties’ security posture – review and evaluate SOC2 reports, policies, procedures, assessments, and other evidence as needed to help TAB protect our customer data

Develop routine reports in accordance with GRC and Strategic Partnership metrics

Coordinate and track improvement actions from multiple partners, escalating areas of concern appropriately

Participate in periodic, risk-based targeted and annual site visits to review and assess adherence to security programs. Write and present results of visits to bank committees

Periodic travel required, no more than 25%

Provide feedback and direction on the vendor evaluation process – are we asking the right questions at the right time to our program managers?

Implement and improve the risk management function of the information security program to ensure risks are identified, monitored, and aligned with business risk tolerance

Work with internal and external auditors, FDIC examiners and outside consultants as appropriate on security assessments and audits

Other duties as assigned

Qualification

Professional security certificationInformation security risk managementVendor security evaluationCompliance practicesSecurity standardsCommunication skillsCritical thinking skillsDocumentation skills

Required

At least one professional security certification

Act with integrity, take pride in your work, seek to excel, be curious, adaptable, and communicate well

Preferred

College diploma or university degree, 1-3 years of GRC work experience preferred

Professional certifications such as CISSP, CRISC, CISA, CISM, PCI etc. highly valued

Knowledge of information security risk management frameworks and compliance practices

Experience evaluating vendor security posture and developing monitoring and action plans for 3rd parties who need improvements

Ability to assess security standards and guidelines based on best practices and industry standards

Understanding of common security standards and regulations relating to a banking environment (FDIC, FFIEC, PCI, etc.)

Skills in documenting risk and compliance activities

Familiarity with ISMS and security frameworks, particularly NIST, PCI and CIS

Performing Third Party Risk Assessments for new and existing vendor tools, on premise implementations, and third parties with access to the environment

Must have a basic understanding of information technology industry trends and emerging technologies and an ability to relate them to the company and its objectives

Good communication skills including both technical and business writing, documentation, and presentation skills

Ability to interpret and translate business requirements into technical security requirements that meet enterprise security standards and policies

Critical thinking skills and the ability to solve problems as they arise