Senior IT Security Risk Management Analyst
Chicago, IL

Job Description

Job Summary

Maps policy requirements and changes to develop effective security processes. Translates the overarching concerns of IT Risk Management (risk posture, policy compliance, and compliance burden) into processes and programs. Maintains relationships with business areas that interact with IT Policy & Risk Assessment processes in a complex manner or on a frequent, on-going basis. May provide training and guidance to lower level staff. The level of work required is considered advanced and staff must be able to work under minimal supervision. This job does not have any direct reports.

Principal Duties and Responsibilities

* Identifies needs and develops and implements technology-related internal controls across IT
* Leads projects to ensure effective implementation of information security or IT Policy & Risk Assessment initiatives
* Researches and keeps updated with emerging risk and compliance trends and IT security regulations, and provides recommendations to meet the changing regulatory landscape
* Assesses internal control performance, identifies weaknesses, and provides recommendations to strengthen the control environment. Monitors compliance with IT policies, procedures, and operating standards
* Leads departments through all aspects of the risk evaluation process
* Serves as a key team member and central point of contact during internal audit processes
* Reviews evidence provided by departments to document remediation of internal control issues or that support the closure of action plans; provides a recommendation to management as to whether the evidence is sufficient
* Collects and organizes data for report preparation and analysis; performs special projects as needed (e.g. surveys, studies), including memos and status reports for management
* Leads department IT Policy & Risk Assessment process improvement projects
* May represent IT at SOX Coordinators meetings and at the IFCC (Internal Financial Controls Committee)

Education and Experience

* Bachelor's Degree in business, information technology, or other related field or equivalent work experience
* 5 years of experience in risk management, audit or information security disciplines

Knowledge and Skills

* Ability to communicate risk and compliance subjects to multiple audiences, including technicians (e.g., IS Liaisons and IS Engineers), business people and management
* Strong understanding of the impact of risk/compliance topics on business processes
* Strong knowledge of and ability to apply presentation software
* Project management experience
* Strong public speaking and written/verbal communication skills
* Strong research and analysis skills
* Familiarity with common information security frameworks
* Industry certification, such as CISSP, preferred



Other Requirements and Physical Requirements

This document indicates the general nature and level of work performed by employees within this position. It is not a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job. An employee's responsibilities, tasks, and duties might differ from those outlined in the job description, and other duties, as assigned, are a part of the job. The Federal Reserve Bank of Chicago reserves the right to modify the elements of this job description, as business needs require.