Apply on Employer Site

Commerce Bank · 15 hours ago

IT Risk Analyst II

Kansas City, MO

Full-time

Hybrid

Mid Level

$39.40/hr - $46.40/hr

3+ years exp

Commerce Bank is dedicated to helping individuals and businesses achieve financial success. The IT Risk Analyst II role is focused on managing security operations and risk assessments to ensure the security and compliance of enterprise systems.

BankingFinanceFinancial Services

No H1B

Responsibilities

Manage and maintain secure SSO integrations across enterprise applications

Investigate and resolve incidents related to brand impersonation, credential leaks, and external threats

Plan and execute phishing simulations; track and report user performance metrics

Document and summarize security incidents for executive and audit reporting

Compile and present key security metrics (MTTD, MTTR, vulnerability SLAs, awareness KPIs)

Schedule and manage penetration testing engagements; track remediation efforts

Oversee social engineering testing and ensure findings are addressed

Conduct security risk assessments for new contracts and vendors; ensure compliance with standards

Assign and review risk assessments for new applications prior to deployment

Maintain risk register; secure commitment dates for vulnerability remediation and track progress

Continuously monitor third-party service providers for compliance and security posture

Develop and deliver training programs to improve security culture

Analyze annual report findings and align internal controls to industry benchmarks

Perform other duties as assigned

Qualification

Information SecurityRisk ManagementSSO PlatformsPhishing SimulationVendor Risk ManagementWindows AdministrationLinux AdministrationReporting SkillsMicrosoft OfficeProject ManagementAttention to DetailCommunication SkillsTeam PlayerAdaptabilitySelf-StarterOrganizational Skills

Required

Intermediate knowledge of User Awareness Training systems and Phishing Simulation administration

Intermediate knowledge of SSO platforms (Okta, Azure AD), phishing simulation tools and vulnerability scanners

Intermediate knowledge of risk register administration and vendor risk management

Intermediate knowledge of Windows and Linux workstations, Windows and Linux servers, and associated administration

Strong reporting skills; ability to influence stakeholders and drive remediation commitments

Project management skills and the ability to work within Information Security project implementations

Motivated and organized self-starter with strong attention to detail and the ability to manage multiple priorities

Inquisitive, agile and strong team player with excellent written, verbal and interpersonal communication skills

Ability to remain adaptable and resilient to all situations with an optimistic outlook and cast a positive shadow that is aligned with our culture and Core Values

Intermediate level proficiency with Microsoft Word, Excel and Outlook

Bachelor's degree in information systems, computer science or equivalent combination of education and experience required

3+ years in Information Security, with exposure to both operational security and risk management required

Must be eligible to work in the US without sponsorship now or in the future

Preferred

3+ years experience conducting contract reviews and assessing associated risk and compliance preferred

Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), ISO 27001 Lead Auditor, or equivalent certifications preferred