What You'll Be Doing:
Clearing, Markets & Issuer Services Technology (CMIST) is responsible for application development and support for more than 350 critical business systems including Repo Edge (collateral management), Enterprise Payment Hub (multi-currency payment processing), and Broker Dealer Clearance (securities clearing).
The CMIST Centers of Excellence govern best practices across the organization. Supporting functions include financial planning, portfolio/program/project management, and technology risk management, as well as communications and employee engagement. The teams also provide strategic guidance for enterprise technology programs for application resiliency and infrastructure modernization, as well as production application administration and incident management, mainframe development, and quality engineering standards.
IT Risk Analyst, Sr Specialist: Identifies, analyzes, monitors and minimizes highly complex areas of risk that pertain to information technology. Leads coordination with application, development, disaster recovery and data security teams. Provides high value input into risk reports on complex issues. Presents reports to the business areas and IT risk management. Leads complex projects that involve working with the businesses to improve controls that would mitigate any deficiencies. Ensures controls meet regulatory and organization standards. Develops and improves risk systems, methodologies and limits. Remains aware of market trends to determine potential risks to the organization. Recommends and leads any resulting change needed to mitigate risk. Contributes to the achievement of area objectives.
Responsibilities:
Assessing the current adequacy of the security strategy, business continuity/disaster recovery plans, threats to systems, and then calculating the impact of potential adverse events.
Audits and assessments must be continual, as the threat profiles change constantly.
Ensures management is kept up to date on the results of the risk assessment and makes recommendations for mitigations, or projects to protect their systems or cover potential losses.
Continually improve the quality of risk management through evaluation of communication security, data vulnerability, business continuity and compliance risks.
Self-identification of risks even before they occur
Stay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks
Identify vulnerabilities or weaknesses in systems
Examine employee compliance with security controls and deficiencies
Evaluate security policy, processes and procedures for completeness
Ensure that controls are adequate to protect sensitive information systems
Clearly document and define risks and potential impacts along with the statistical probability of such an event and identify systems affected by the defined risk
Provide mitigation/damage reduction proposals
Qualifications
Who We're Looking For:
Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred
8-10 years of related experience required
Experience in the securities or financial services industry is a plus.
ISACA certifications such as CRISC, CISA, CISSP preferred.
Experience defining, implementing and monitoring IT risk management programs, including cyber security related risks
Experience understanding design and operating effectiveness of IT controls and industry related frameworks.
7+ years of total experience in IT Risk and/or InfoSec
Significant knowledge in at least 3 or more areas of IT general controls, such as: Application Security, IT Governance, IT Compliance & Audit, Identity & Access Management, Cloud Security, Asset Security, Threat/Vulnerability Management, BCM & DR
Excellent time management skills
Drive to execute
Excellent stakeholder management and communication (verbal and written) skills
Confidence to respectfully challenge stakeholders
Ability to quickly adapt to quick changes
Ability to summarize complex technology issues
Plus, optionally:
IT Audit experience
Project Management experience
Information risk and/or security qualification (CISSP, CRISC, CISM or equivalent)
New York, New York
The Bank of New York Mellon Corporation provides a range of financial products and services to institutions, corporations, and high net worth individuals in the United States and internationally. The company operates through two segments, Investment Management and Investment Services. It offers investment management, custody, foreign exchange, fund broker-dealer, collateral and liquidity, clearing, corporate trust, global payment, trade finance, and cash management services, as well as securities finance and depositary receipts. The company also provides mutual funds, separate accounts, and wealth management and private banking services; and trust and registered investment advisory services. In addition, it engages in leasing, corporate treasury, derivative and other trading, corporate and bank-owned life insurance, renewable energy investment, and business exit activities. The Bank of New York Mellon Corporation was founded in 1784 and is headquartered in New York, New York.