Information Security Risk and Compliance Analyst

Job Type: Full Time

Job Description - Information Security Risk and Compliance Analyst

Job Description:

Job Title: Information Security Risk and Compliance Analyst

Location: Topeka, KS

Employment Type: Full-Time

About Capitol Federal

At Capitol Federal Savings Bank, we are committed to helping individuals, families, and communities achieve financial success. With a long-standing tradition of integrity, service, and financial stewardship, we strive to deliver exceptional banking experiences to every customer we serve.

Our team members are the foundation of our success. We believe in fostering a supportive environment where employees can grow professionally, contribute meaningfully, and build rewarding careers.

Position Summary

The Information Security (IS) Risk and Compliance Analyst is a member of the Compliance and Risk Management team, working under the Information Security Officer Assistant Risk Manager in close collaboration with the Information Technology (IT) Security department. This position monitors key system access changes, configurations, and controls to ensure compliance with policy and best practices. The position also oversees the process for employee reporting of suspicious e-mails. This position manages the Bank’s social engineering and phishing testing program and provides user security training and awareness, including in-person presentations and written communication. This position performs IS risk assessments and supports other reviews of security control effectiveness. This position requires knowledge of IT and IS best practices to advise on and assist with the Bank’s compliance with security and privacy requirements. Independent decision making on matters of moderate complexity and appropriate discretion in handling confidential information are also required.

Key Responsibilities

The responsibilities listed below represent the primary duties of this position. Additional duties may be assigned as needed.

  • Monitor key system access changes, configurations, and other access controls and advise IT personnel and business management on access policies and best practices.
  • Oversee process for researching and responding to employee and consumer reported suspicious e-mails, and assist with phishing e-mail escalation and handling.  Maintain the Bank’s phishing email platform.
  • Plan, perform, and monitor Bank social engineering and phishing exercises, including coordination with the third-party provider and maintenance of the internal phishing platform. Report exercise results to management.
  • Manage the Bank’s security awareness training program, including developing training and awareness content, communicating with users in writing and verbally, and performing new employee training presentations.
  • Perform IS risk assessments, such as GLBA-required information security assessments and electronic banking risk assessment, and other reviews of security control effectiveness.  As needed, work directly with IT and business management to assess and advise on IS risks and controls.
  • Participate in proactive team efforts to achieve departmental and company goals, including involvement in IS projects impacting the department’s processes.
  • Perform other duties as assigned.
  • Must comply with current applicable laws, regulations and bank policies and procedures. Comply with all safety policies, practices and procedures. Report all unsafe activities to supervisor and/or Human Resources.

Required Qualifications

  • At least 5 years of related experience, preferably within IT audit, governance, risk, or compliance domains.
  • Additional industry certification related to information security or cybersecurity required (preferably Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC)).
  • Working knowledge of IS and cybersecurity best practices, risks, and controls is imperative.
  • Excellent analytical and organizational skills, with strong observational skills and attention to detail.
  • Strong written and verbal communication skills, with the ability to work with a wide variety of audiences (e.g., senior management, entry-level employees, etc.).
  • Must have experience with Microsoft Office and similar applications for compilation and presentation of daily tasks. Intermediate Microsoft Excel experience required, including use of semi-complex functions. Microsoft VBA knowledge preferred.
  • A significant level of trust and diplomacy is required to be an effective subject matter expert in the position. In-depth dialogues, conversations and explanations of a sensitive and/or highly confidential nature with employees, direct and indirect reports, and outside vendors are a normal part of the daily activities. Communications can involve motivating, influencing, educating and/or advising management and employees on matters of significance related to information security.

Core Competencies

Successful candidates typically demonstrate the following competencies:

  • Customer Service
  • Communication Skills
  • Integrity and Professionalism
  • Problem Solving
  • Attention to Detail
  • Team Collaboration
  • Unconditional Ethics

Why Join Capitol Federal?

Capitol Federal offers employees a supportive workplace and opportunities for career growth.

Benefits may include:

  • Competitive compensation
  • Retirement and savings plans
  • Flexible Spending Accounts
  • Paid time off and holidays
  • Employee Assistance Program
  • Health, Dental, Life and Disability coverage
  • Parental Leave
  • Professional development opportunities
  • Career Advancement Pathways

CapFed® is an equal opportunity employer.

Original job Information Security Risk and Compliance Analyst posted on GrabJobs ©. To flag any issues with this job please use the Report Job button on GrabJobs.

Copyright © 2026 Grabjobs Pte.Ltd. All Rights Reserved.