Apply on Employer Site

Commerce Bank · 22 hours ago

IT Risk Analyst II

MO - Kansas City Downtown/Plaza - Kansas City - KC Downtown Trust Building (922 Walnut) (64106)

Full-time

Hybrid

Mid Level

$39.40/hr - $46.40/hr

3+ years exp

Commerce Bank is committed to helping people find financial safety and success, and they are seeking an IT Risk Analyst II to lead and execute critical functions across Operational Security and Information Security Risk Management. This role is responsible for managing risk and compliance obligations, overseeing security operations, and driving measurable improvements in security posture.

BankingFinanceFinancial Services

No H1B

Responsibilities

Manage and maintain secure SSO integrations across enterprise applications

Investigate and resolve incidents related to brand impersonation, credential leaks, and external threats

Plan and execute phishing simulations; track and report user performance metrics

Document and summarize security incidents for executive and audit reporting

Compile and present key security metrics (MTTD, MTTR, vulnerability SLAs, awareness KPIs)

Schedule and manage penetration testing engagements; track remediation efforts

Oversee social engineering testing and ensure findings are addressed

Conduct security risk assessments for new contracts and vendors; ensure compliance with standards

Assign and review risk assessments for new applications prior to deployment

Maintain risk register; secure commitment dates for vulnerability remediation and track progress

Continuously monitor third-party service providers for compliance and security posture

Develop and deliver training programs to improve security culture

Analyze annual report findings and align internal controls to industry benchmarks

Perform other duties as assigned

Qualification

Information SecurityRisk ManagementSSO PlatformsPhishing SimulationVendor Risk ManagementWindows AdministrationLinux AdministrationReporting SkillsMicrosoft OfficeProject ManagementAttention to DetailCommunication SkillsSelf-Starter

Required

Intermediate knowledge of User Awareness Training systems and Phishing Simulation administration

Intermediate knowledge of SSO platforms (Okta, Azure AD), phishing simulation tools and vulnerability scanners

Intermediate knowledge of risk register administration and vendor risk management

Intermediate knowledge of Windows and Linux workstations, Windows and Linux servers, and associated administration

Strong reporting skills; ability to influence stakeholders and drive remediation commitments

Project management skills and the ability to work within Information Security project implementations

Motivated and organized self-starter with strong attention to detail and the ability to manage multiple priorities

Inquisitive, agile and strong team player with excellent written, verbal and interpersonal communication skills

Ability to remain adaptable and resilient to all situations with an optimistic outlook and cast a positive shadow that is aligned with our culture and Core Values

Intermediate level proficiency with Microsoft Word, Excel and Outlook

Bachelor's degree in information systems, computer science or equivalent combination of education and experience required

3+ years in Information Security, with exposure to both operational security and risk management required

Preferred

3+ years experience conducting contract reviews and assessing associated risk and compliance preferred

Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), ISO 27001 Lead Auditor, or equivalent certifications preferred