Cyber Risk Mgmt Sr Analyst
North Dallas Campus, United States
Texas Capital is built to help businesses and their leaders. Our depth of knowledge and expertise allows us to bring the best of the big firms at a scale that works for our clients, with highly experienced bankers who truly invest in people’s success — today and tomorrow.
While we are rooted in core financial products, we are differentiated by our approach. Our bankers are seasoned financial experts who possess deep experience across a multitude of industries. Equally important, they bring commitment — investing the time and resources to understand our clients’ immediate needs, identify market opportunities and meet long-term objectives. At Texas Capital, we do more than build business success. We build long-lasting relationships.
Texas Capital provides a variety of benefits to colleagues, including health insurance coverage, wellness program, fertility and family building aids, life and disability insurance, retirement savings plans with a generous 401K match, paid leave programs, paid holidays, and paid time off (PTO).
Headquartered in Dallas with offices in Austin, Fort Worth, Houston, Richardson, Plano and San Antonio, Texas Capital was recently named Best Regional Bank in 2024 by Bankrate and was named to The Dallas Morning News’ Dallas-Fort Worth metroplex Top Workplaces 2023 and GoBankingRate’s 2023 list of Best Regional Banks. For more information about joining our team, please visit us at www.texascapitalbank.com.
The Sr. Analyst, Information Risk Management supports the initiatives of the Information Risk Management Program, performs key risk management functions, and acts as an escalation point for the Information Risk team while effectively executing all activities in the Information Risk Management program. This position requires functional knowledge of Identity and Access Management (IAM) processes and will be primarily responsible for conducting thorough reviews of User Access Reviews, Application Access Reviews, and other IAM activities to ensure compliance, accuracy, and completeness in alignment with enterprise standards and regulatory requirements. The program uses a risk-based approach that leverages the outputs of the Operational Risk Management program, as well as other Information, Technology, and Cyber Security programs and requirements, to prioritize areas where oversight activities are conducted. Key program elements include risk assessments, business impact assessments, key risk metrics, scenario analysis, top/material risks, issue management, awareness, and communication.
Responsibilities
- Conduct various regulatory and compliance assessments, including FFIEC, PCI, HIPAA, GDPR, SWIFT and CISA.
- Review and challenge the accuracy of Identity and Access Management (IAM) activities, including User Access Reviews and Application Access Reviews, and report findings to senior leadership.
- Support the development, implementation, maintenance, and effective execution of the Information Risk Management program, including the identification, management, governance and reporting of Information, Technology, and Cyber Security risks within the Bank.
- Oversight of and adherence to the Operational Risk Framework, Methodology, Information and Data Governance.
- Contribute to the development, implementation, and maintenance of the Information Risk program strategy, framework, plan, policies, standards, processes, and procedures within the bank.
- Oversight of compliance with Information Technology and Information Security policies, programs and standards including exception management.
- Conducting ongoing monitoring of Information, Technology, and Cyber Security risks leveraging the outputs of the Information Technology and Cyber Security programs, and other information, e.g., key risk metrics, risk appetite metrics (RAS), risk events, and issues
- Responsible for identifying, prioritizing, monitoring, and reporting information, technology and cyber risks and controls, including conducting risk and control targeted assessments.
- Supporting internal and external audits and regulatory exams
- Support Security awareness and training initiatives for the Firm.
- Support initiatives to create comprehensive Risk Profiles specific to the various Divisions, and Lines of Business.
The duties listed above are the essential functions, or fundamental duties within the job classification. The essential functions of individual positions within the classification may differ. Texas Capital Bank may assign related additional duties to individual employees consistent with standard departmental policy.
Qualifications
- Must be authorized to work in the U.S.
- Bachelor's Degree: Computer Science/Technology, Business, Finance, Management, or equivalent combination of education, training, experience
- 2+ years in financial services industry or other regulated environment preferred with experience in Risk Management; Governance, Risk and Compliance (GRC); and/or Internal Audit
- 5+ years in Information Technology and/or Cyber or Information Security
- Functional knowledge of Identity and Access Management concepts such as User Access Reviews, Role-Based Access, Application Access Management, Privileged Access Management
- Familiarity with IAM tools and platforms (e.g., SailPoint, Okta, Microsoft Azure AD)
- Regulatory Knowledge: Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley (SOX), FFIEC Guidelines, NYDFS, GDPR.
- Knowledge of Payment Card Industry (PCI) data security standards
- Knowledge of Personal Health Information (PHI) data security standards
- Knowledge of technology processes, risks and issues including within infrastructure, information security, SDLC, data management, and governance, risk & compliance, utilizing various controls frameworks, i.e., NIST, ISO, COBIT, ITIL.
- Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data.
- Exercise sound reasoning to analyze issues, make decisions, and solve problems.
- Articulate thoughts and ideas clearly in person, in writing, and digitally to persons inside and outside the Bank
- Build collaborative relationships with colleagues and customers from diverse cultures, races, ages, genders, religions, lifestyles, and viewpoints.
- Leverage the strengths of others to achieve common goals and use interpersonal skills to coach and develop others.
- Demonstrate personal accountability and effective work habits, e.g., punctuality, work productively with others, manage time/workload, and understand the impact of communication on professional image.
- Demonstrate the ability to select and use appropriate technology to accomplish assigned tasks.
- Identify and articulate individual skills, strengths, knowledge, and experience relevant to the position desired, career goals, and recognize areas necessary for professional growth.
Additional Requirements/Skills
- Preferred Certifications (one or more) – CISSP (ISC2), CISM (ISACA), GIAC (SANS) CRM, CISA (ISACA), CRISC (ISACA), AWS or Azure Cloud Certification
- A good working or background knowledge of the majority of the areas listed is preferred: networking, server and storage infrastructure, cloud computing (SaaS, PaaS, IaaS), cloud security, application security, risk assessment, vulnerability assessment, enterprise architecture, risk management, operating systems, and data security.
The duties listed above are the essential functions, or fundamental duties within the job classification. The essential functions of individual positions within the classification may differ. Texas Capital Bank may assign reasonably related additional duties to individual employees consistent with standard departmental policy.
Texas Capital is an Equal Opportunity Employer.