Senior Technology Risk & Controls Analyst
Plano-Parkwood, United States
First United Bank
Discover financial freedom with First United Bank. Join our community-focused institution on a purpose-driven path to practical solutions, simplified banking, and financial stability. From personal banking to mortgages, explore our account...
Join Our Team!
We have a great team of friendly, talented and inspiring people at First United. As a learning organization, we take pride in offering exciting opportunities for employees to grow and follow their passions. That's one of the many reasons First United has been voted as one of the top places to work in Oklahoma since 2009! Browse this page to find out more about the First United culture and the many benefits of working here. Then, use our "Get Started" section to take your first step to being a part of First United.
The Position
Job Title
Senior Technology Risk & Controls Analyst
Job Description
SUMMARY
We are looking for a Senior Technology Risk and Controls Analyst to join the Enterprise Information Security Office in a second line of defense capacity. This individual will support the execution of IT Risk and Control Self-Assessments (RCSAs), maintenance of Enterprise Technology risk and control catalogue, development and reporting of Key Risk Indicators (KRIs), and advise Enterprise Technology and business units on the maturation of technology and cybersecurity controls to align with changing risks and regulatory requirements.
This individual will work under the guidance of a manager with limited direction and should have a self-starter mindset. This individual will collaborate heavily across first and second lines of defense in Information Technology and Information Security in a team-of-teams environment. They will have direct exposure to senior levels of management and should be adept in communicating regulatory and compliance matters.
A successful candidate will have a wide range of audit, regulatory, or hands-on technical experience that allows them to translate regulatory and compliance requirements to the continually evolving technology landscape. They will have experience in financial services and a good understanding of regulatory and compliance requirements for financial institutions. Their experience will allow them to immediately help mature practices related to the Govern, Identify, Protect, Detect, Respond, and Recover functional areas.
This role is an exciting opportunity to mature information technology and cybersecurity control processes in a growing and stable organization. This role reports directly to the Technology Risk and Control Manager and will work closely on executing the overall agenda of the Enterprise Information Security Office, Enterprise Risk Management, and Information Technology.
MAJOR DUTIES AND RESPONSIBILITIES (ESSENTIAL FUNCTIONS)
- Support/Own the definition and maintenance of the technology risk and control environment.
- Assess the effectiveness of technology controls against regulatory requirements and policy statements.
- Support and co-ordinate responses to Regulator & Customer requests for information on control practices
- Analyze and report on compliance of cyber and technology controls against LoB (Lines of Business), Firmwide and Regulatory Standards
- Consult on technical security and regulatory compliance matters with IT Services teams.
- Maintain relationships with stakeholders to facilitate oversight and effectiveness of the technical control environment.
- Support/Own reporting products used to ensure stakeholders are kept apprised of the performance of the technology control environment.
- Validate that key risk indicators (KRIs) are accurately captured & included in prioritization activities.
Skills/ Qualifications:
- An understanding of Enterprise Risk Management practices in a technical environment
- Broad understanding of cybersecurity and technology control practices and frameworks
- Experience performing or supporting regulatory and compliance assessments for financial institutions
- Experience supporting and maturing information security and technology processes and programs in areas including but not limited to the NIST CSF Govern, Identify, Protect, Detect, Respond, and Recover functional areas and IT service management.
- Technical and operational understanding of financial services regulations.
- Self-motivated and explorative mindset with a strong desire for continual learning and growth.
- Ability to manage and drive iterative improvement on multiple initiatives while interfacing with stakeholders across multiple departments and business units.
- Technical understanding of modern enterprise technology stacks both on-prem and hybrid cloud.
- CISSP (Certified Information Systems Security Professional), Certified Information Security Manager (CISM), CCSP (Certified Cloud Security Professional), Cloud Architect certification, Certified Information Systems Auditor (CISA), former PCI Qualified Security Assessor (QSA) or other similar certifications
Additional Duties and Responsibilities
- Assist all company employees and customers in a prompt, professional, and courteous manner.
- Adhere to company security practices according to policy and adopted security framework.
- Uphold system and application hardening standards.
- Comply with all banking regulations and legal statutes.
- Document records accurately.
- Maintain confidentiality of company and customer information.
- Adherence to all First United Policies and Procedures
- Complete all required compliance exams on an annual basis
- Perform other duties as assigned
EMPLOYEE SPECIFICATIONS
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Required Education and Work Experience
- Bachelor's degree in business administration, information assurance or related technical field
- 3-5 years of related experience in Information Security, IT audit, and/or IT risk management including FFIEC regulations, NIST standards, cloud security standards and frameworks, GLBA standards and cybersecurity frameworks.
- 3+ years of related project management experience in IT and Information Security or related field
- 3+ years in IT Audit, IT GRC, or Cybersecurity professional services preferred but not required.
- Master’s or other advanced degree (MBA, cybersecurity, information assurance, computer science, etc.) preferred but not required.
Knowledge and Skills Requirements
- Collaboration with internal operation departments, regulating entities, IT teams, Risk Management, 3rd party contractors and consultants, internal and external audit groups, and management.
- Experience with GRC platforms.
- Self-starter requiring minimal supervision.
- Strong written and verbal communications.
- Analytical and problem-solving mindset, efficient in approach to solution delivery.
- Demonstrated strategic and tactical skills, strong organization, decision-making, and business acumen.
- Moderate experience with security framework and standard implementation (NIST CSF, ITIL, FFIEC, CRI Profile, PCI, etc.).
- Knowledge of programming and scripting language applications.
- Microsoft Office Suite and Visio proficiency.
- People skills requisite to work with business units, system engineers, & management.
- Good verbal communication and writing skills.
- Strong attention to detail.
- Ability to work independently and as a team member.
- Ability to prioritize tasks and manage projects.
- Ability to identify the pragmatic approach.
All Locations:
Plano-Parkwood
If any applicant is unable to complete an application or respond to a job opening because of a disability, please email us at HR@firstunitedbank.com for assistance.
First United is an Equal Opportunity Employer. To the extent required by Federal or State law, First United does not discriminate in employment opportunities or practices on the basis of race, color, religion, sex, national origin, or any other characteristic protected by law.