Cybersecurity Risk Analyst - Northrim Building
Anchorage, AK, US
Northrim Bank
At Northrim Bank, our vision is to be Alaska’s premier bank and employer of choice. We are looking for professional and knowledgeable employees who take pride in their work. We believe in providing value for our customers and communities.
Employee Benefits:
- Medical, Dental and Vision insurance, including FSA (Flex Spending Account)
- Paid Time Off to include select paid holidays
- Retirement Benefits with generous 401K match
Some Other Favorite Employee Benefits Include
Paid Parental Leave, Education Assistance, Employee Assistance Program, Employee Wellness Program and much more!
Pay depends on experience. Minimum is $67,755.10 annually, $2,605.96 bi-weekly.
Position Summary
The Cybersecurity Risk Analyst supports the Company’s cyber and technology risk measures across multiple platforms and coordinates with appropriate departments to ensure timely risk remediation. This position is responsible for initial and recurring cybersecurity vendor due diligence, acts as the Company’s security awareness advocate and supports the Company’s disaster recovery planning and insurance program.
The following duties are intended to provide a representative summary of the major duties and responsibilities and ARE NOT intended to serve as a comprehensive list of all duties performed by all employees in this classification. Incumbent(s) may not be required to perform all duties listed and may be required to perform additional duties.
Essential Duties and Responsibilities
Cybersecurity Risk
- Research and monitor risk trends and risk exposures in the banking and mortgage industries and the business lines in which the Company is doing business. Evaluate Northrim’s vulnerability/exposure to identified risks and disseminate periodic updates to relevant stakeholders.
- Apply cyber risk management strategies to new technology threats. Support and update Company-wide incident response/cyber exercises, drills, and table-top training.
- Track and report ongoing patch management efforts. Identify areas for improvement and facilitate working groups to ensure timely and effective remediation.
- Implement and maintain effective incident response plans and playbooks.
Cybersecurity Due Diligence and Vendor Management
- Identify and assess risks associated with third-party vendor relationships.
- Conduct initial and recurring due diligence on third party service providers. Coordinate with Application Sponsors and Managers to ensure risks are evaluated, addressed and documented in a timely manner.
- Provide input and feedback to aid in the selection of new third party service providers.
- Maintain and update inventory of all Company third party service providers and vendors.
- New & Existing Product/Venture Analysis – Evaluate risk potential for products/services/ventures. Assist managers in risk analysis, developing appropriate risk measurements and acceptable risk tolerance levels.
Security and Awareness Training
- Maintain a comprehensive Company-wide security awareness and training program.
- Design and conduct internal social engineering tests, e.g. email phishing, vishing, etc.
- Educate users on cybersecurity best practices. Conduct security awareness training and coaching, as needed.
- Support internal security posture testing and validation.
- Facilitate meetings such as Ops & Tech, Risk Remediation and other meetings, as needed.
- Periodically inspect workplaces to ensure information security best practices are being followed.
Insurance Functions
- Manage and administer insurance policies, provide needed data for policy renewals and bind coverage.
- Identify insurable risks and acquire coverage, when appropriate.
- Initiate the claim process on covered losses and monitor the situation through resolution.
- Complete online, written and in-person compliance training within established timeframes.
- Other duties as assigned.
Qualifications
Education
- Bachelor’s degree or specialized training in IT, Computer Science, Cybersecurity, or related field.
Experience
- Six years of specialized work in a cybersecurity or risk management related role. Experience with financial institutions preferred.
- Experience with contingency and continuity of operations planning required.
- Equivalent combination of education and/or experience that fulfills the requirements of the position may be considered.
- Related military education/experience may be used as a substitute for education or work experience.
Licenses & Certifications
- Industry-recognized security certifications such as CISM, CISSP, CompTIA Security+ strongly preferred.
Knowledge & Communication Skills
- Working knowledge of information technology, network operations, and Governance, Risk and Compliance (GRC).
- Familiarity with cybersecurity Tactics, Techniques, and Procedures (TTPs) to identify and mitigate risks.
- Familiarity with security frameworks such as NIST, CIS, COBIT, CMMC, ISO 27001, etc.
- Ability to analyze SOC 1 and SOC 2 reports and other vendor management documents.
- Ability to comprehend the balance of risk versus reward in operational and cybersecurity spaces.
- Ability to discuss sensitive situations in a professional and confidential manner.
- Must understand and have the ability to implement applicable compliance requirements.
Analytical & Decision Making Skills
- High level of analytical problem-solving skills to diagnose and resolve complex cybersecurity issues.
- Ability to take ownership for issues and seek opportunities to meet or exceed expected outcomes.
- Must be able to multi-task and accomplish a high degree of accurate work that adheres to established laws, processes, procedures and regulations.
Computer/Software/Other Equipment Skills
- Proficient knowledge of Microsoft 365 and related software.
- Proficient knowledge of cybersecurity tools and scanning software.
- Familiarity with using vendor management and security awareness training software.
- Must be able to utilize video conferencing platforms such as Cisco Webex, Microsoft Teams, Zoom, etc.
Working Conditions
- The noise level in the work environment is usually moderate.
- Work is performed in a professional office environment.
Full Time, Exempt
Grade 18
Northrim Bank is an equal opportunity and affirmative action employer. Northrim Bank does not discriminate in employment based upon race, color, religion, sex, sexual orientation, gender identity, age, national origin, physical or mental disability, protected veteran status, pregnancy, parenthood, marital status, changes in marital status, genetic information or any other status protected by federal, state or local law.