Enterprise Information Security (EIS) is integrated with the Technology division (860+ people), and is responsible for enabling secure innovation and business growth for 13,000 employees across 11 states. EIS is undergoing rapid growth and we have a bold vision to create a unique and relevant Assurance program that will align with and support our organization’s mission. What’s great about our department is that we laugh with each other, have Executive and Board level visibility and support for our work, and are driving highly visible, enterprise-wide initiatives. We’re focused on creating business value and are seeking like-minded professionals to join our team!
Let’s talk about you:
Do you…
- lead by example?
- enjoy collaborating with and influencing others to achieve the right outcomes?
- love securing information assets from malicious users?
- want to work on implementing leading-edge solutions to enterprise challenges?
- demonstrate persistence in reaching goals in the face of adversity?
- function as a team player who isn’t afraid to challenge the status quo?
- want to work on a team where your input matters?
- think in terms of confidentiality, integrity, and availability?
- excel in learning things quickly and thoroughly?
- enjoy sharing your hard-earned knowledge to help others grow and make a real difference?
- transform ambiguity into focused, productive, impactful outcomes?
- love to get things done, the right way, the first time?
If you think systematically, achieve purposefully, speak diplomatically, and act with integrity, the EIS department can’t wait to hear from you!!
The scope and impact of your work:
As the Cybersecurity Governance Analyst working with the Cybersecurity Strategy & Governance (CSG) team, you are an innovative, results-oriented professional responsible for enhancing/maintaining a comprehensive governance, cybersecurity risk, and compliance management program. You can assess and translate cybersecurity risk management, regulatory and compliance requirements into a coordinated controls framework that can be efficiently adopted by EIS, business and technology teams. You possess excellent communication skills and have past success interacting with leadership, internal stakeholders, and oversight partners. You can analyze, understand, communicate, and document current practices while driving maturity and proactive risk management in a dynamic environment.
You will serve as a key contributor within the EIS department and partner with internal cybersecurity teams, business stakeholders, audit, and technology teams to assist in the development and execution of a comprehensive cybersecurity program. You will be interacting with senior leaders in technology and risk management to drive integration and efficiency in a highly visible role.
What we expect:
This role requires a dynamic personality that can work successfully in a diverse environment, drive clarity, and reduce ambiguity. The ideal candidate demonstrates a unique blend of technical, business development and project management skills including the ability to think strategically, simultaneously planning and implementing key projects.
1. Project & Program Management – Responsible for development, collaborative execution, and reporting of cross-functional, multi-disciplinary projects and programs. This includes engaging senior and executive leadership to understand strategic objectives, design solutions, drive results, and report on status and risks.
2. Information Risk Management – Collaborate with EIS and Enterprise Risk Management teams to measure risk, provide oversight of root cause and remediation activities, and assist EIS management with formal ongoing program monitoring and continuous improvement.
3. Governance – Actively engage and participate in the continued implementation of NIST-CSF. Develop and implement governance and risk reporting frameworks while evolving Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) to assure effectiveness and compliance across processes and process owners. Collaborate with formal document owners to align with established cybersecurity frameworks.
4. Regulatory Compliance – Facilitate the formal measurement and evaluation of the organization’s cybersecurity maturity, including internal and external assessments. Participate in regulatory assessments and deliverables, including GLBA 501(b) reporting.
5. Documentation Management – Lead efforts in updating and maintaining security related documentation, including coordinating with stakeholders to update Policies, Programs, Frameworks, and Standards.
Your experiences and skills:
1. Bachelor’s degree preferred, or an equivalent combination of education and experience
2. 3+ years of work experience in risk analysis/reporting, consulting, banking, cybersecurity, and/or financial services regulations preferred.
3. Experience working with GRC and analytical/reporting platforms (RSA Archer, MetricStream, Power BI, etc.) to analyze risks, automate tasks, and develop reporting.
4. Relevant professional certifications or willingness to work toward certifications in project management and/or cybersecurity (PMP, CISA, CISM, CRISC, etc.).
5. Proven record of delivering the full life cycle of programs and initiatives from design through delivery and optimization.
6. Computer skills, with in-depth knowledge of Microsoft Office (Word, Outlook, PowerPoint and Excel).
7. Domain and Industry Expertise
8. Working knowledge of relevant governance and control assessment frameworks and/or standards (e.g., NIST-CSF, FFIEC CAT, ISO 27000 Series, COBIT, COSO, SOC 1/2, FAIR, PCI-DSS, etc.) is preferred.
9. Working knowledge of financial services regulations and guidance including GLBA, and Interagency Guidelines Establishing Information Security Standards.
Work location: Join us in Salt Lake City, Utah or work remotely within the United States.
Pay Range: $70,000 – 100,000