The IT Compliance Analyst provides a secure and protected environment for the Bank's data and systems by evaluating IT controls, performing application assessments, identifying areas of non-compliance, and developing improvements to operational deficiencies.
ESSENTIAL DUTIES & RESPONSIBILITIES
* Acts as a liaison to internal/external auditors, fulfilling audit requests and coordinating audit activities with IT stakeholders
* Monitors and reports on the progress of risk mitigation efforts, ensuring target dates are met and extensions are granted
* Leverages various tools to perform research, develop alerts, and compile reports
* Develops a working knowledge of the IT Risk and Compliance tool set, including Varonis DATALERT, Tripwire Enterprise, and McAfee Database Activity Monitoring
* Performs daily, monthly, and quarterly monitoring and reconciliation activities accurately and timely
* Researches, communicates and resolves automated IT compliance exceptions
* Ensures proper log monitoring, reporting and escalation of non-compliant activity
* Assists with the execution of the internal IT compliance testing program. This includes: internal IT controls and compliance reviews; and remediation testing of issues identified during audit, regulatory exams or internal assessments
* Contributes to various project requests from Vendor Management, External Audit, Information Security, and Enterprise Risk Management
* Assists in the administration of IT policies, standards, processes, and procedures
* Assists with the development or update of department procedures
* Performs ad-hoc IT compliance requests or additional duties as assigned
* Builds and maintains positive working relationships with stakeholders, including application owners, business areas, and management in support of IT Risk and Compliance processes
EXPERIENCE & EDUCATIONAL REQUIREMENTS
* 4 year college degree in information technology or equivalent experience.
* Compliance certification is preferred (CISA, CRISC, CGEIT)
* 2-4 years of IT security, IT audit and compliance, or IT risk management experience.
* 4-6 years of Information Technology experience necessary without a degree.
* MS Office product (notably Outlook, Word, Excel, and Access) knowledge.
* Compliance Monitoring tool exposure (i.e., Varonis DATALERT, Tripwire Enterprise, McAfee Database Activity Monitoring) preferred
* Structured Query Language (SQL) (preferred)
* Tableau business intelligence and analytic reporting tool
KNOWLEDGE, SKILLS, ABILITIES & BEHAVIORS REQUIRED
* Must have excellent communication skills (verbal, written, and listening)
* Intermediate knowledge of IT general controls
* Intermediate experience with technical writing
* Intermediate knowledge of evaluating internal controls and developing recommendations
* Basic knowledge of project management principles (planning, organizing, and managing assessment process)
* Must be a self-starter, with the ability to work in a fast paced environment, both independently and as part of a team
* A high level of integrity and dependability are necessary to perform this role
* Strong analytical and organizational skills with attention to detail and accuracy