Analyst, Information Security Risk

Position Summary: Technology and Information Security Risk Management (TISRM) group is looking for a Information Security Risk Analyst as a direct report to the Director of Information Security Risk Management. In this role, the candidate will be responsible for assessing information security risks across the organization. The individual will perform risk assessments and enhance the continuous Information Security risk monitoring program.

Essential Functions and Responsibilities: 

•    Perform information security risk assessments across the organization to ensure information security risks are identified, assessed, quantified, appropriately mitigated and managed through the lifecycle of the product and/or service.
•    Draft reports which include information security metrics (KRI/KPI), program status, information security risk profile(s), risk acceptances and other information to provide a holistic picture of Information Security Risk of the organization.
•    Perform periodic/ad-hoc reviews/testing to determine if information security controls are operating effectively.
•    Escalate issues to appropriate levels within organization
•    Stay current in technology specific information security risk management techniques, industry best practices, and regulatory requirements, as well as specific areas of information security risk.
•    Perform Information Security risk assessments of technology enabled projects; activities include vendor reviews, security requirement definition, and facilitation of security testing and management of residual risk
•    Perform vendor security risk assessment activities that include evaluation of vendor controls and practices, process enhancements, performing on site assessments, reviewing security test reports, and analyzing and developing security requirements

Qualifications Required: 

•    Bachelor’s degree in risk management, business administration, management information system, mathematics, finance, economics, or a related area.
•    Up to 1 year of experience performing risk assessments, e.g., RCSA.
•    Ability and eagerness to understand (at a high level) existing and emerging technologies, and to work with technical teams in a liaison-like capacity.
•    Ability to understand management objectives, risk appetite, tolerances, and impact of changes to risk profiles.
•    Maintain current knowledge of new regulations and emerging industry risks and report potential and/or actual enterprise impact to management.

Qualifications Desired: 

•    Familiarity with IT governance and controls, including governance and control frameworks, such as COBIT, ITIL, FFIEC, COSO or equivalent is a plus, but not required.
•    Extremely Strong analytical and problem-solving skills.
•    Ability to work with all levels within the organization.
•    Ability to work independently and proactively.  
•     Collaborative, innovative, resourceful, results oriented, with appropriate judgment.

Physical demands and work environment: Work is generally sedentary in nature. The working environment is generally favorable. Lighting and temperature are adequate, and there are no hazardous or unpleasant conditions caused by noise, dust, etc. Work is generally performed within an office environment, with standard office equipment available.

Employees in this position will report to the office 3 days per week. Occasional travel may be required. Onsite work requirements may change at any time.

The anticipated annual salary range for NY-based candidates this position is $80,000 to $85,000. Base salary will be determined by the role, experience, skill set and location. For eligible positions, discretionary incentive compensation may be awarded contingent on personal and company performance. Our benefits program includes medical, dental, vision, life insurance, 401k plan with company contribution and company match, tuition reimbursement and more. 

About The Clearing House: The Clearing House (TCH) is a banking association and payments company that is owned by the largest commercial banks in the United States. TCH owns and operates the core payments system infrastructure in the US and is currently working to modernize that infrastructure by launching a new, ubiquitous, real-time payment system. TCH is the only private-sector ACH and wire operator in the US, clearing and settling nearly $2 trillion in US dollar payments each day, representing half of all commercial ACH and wire volume. TCH has provided critical services to the banking industry since 1853, and today, our core products facilitate services including Direct Deposit of payroll, bill payments, and check image exchange.