Our client is seeking a dynamic Security Risk Management (SRM) Associate who has a strong passion for information security risk management and a desire to build a career in a fast-growing, reputable bank.
Key Responsibilities:
* Conduct independent information security risk assessment activities, including self-assessments requested by clients and regulators, as needed.
* Enhance and streamline processes and technology in the information security risk management space.
* Collaborate with other risk departments of the bank on BAU activities and projects.
* Understand information security controls and associated risks, articulating them to both technical and business stakeholders.
* Prioritize and complete internal and external risk assessments, coordinating with stakeholders as required.
* Maintain thorough understanding of the Bank's security risk management policies and procedures, enhancing them over time and educating stakeholders on policy changes.
* Assist in reviewing and updating information security policy documents periodically.
* Perform risk assessments on new and existing applications, taking actions on relevant risk treatments with senior security risk team members.
* Assess security risks associated with new/existing vendors, monitoring and investigating vendor downgrades.
* Support stakeholders in understanding assessment control questions and identifying compensating controls when needed.
* Simplify and explain risks associated with control gaps in business and layman's terms.
* Support risk management tooling, including assessment tools and the risk register.
Requirements:
* Prior experience in an information security role or developing policies and engaging stakeholders to update content is desirable.
* Basic knowledge of information security controls, risks, and best practices in the banking industry is essential.
* Familiarity with commonly used banking applications, operating systems, and databases is required.
* Knowledge of cloud-based applications and tools is necessary.
* A basic understanding of cybersecurity regulations (e.g., NYS DFS Cybersecurity, GDPR, FCA) and information security best practices and industry frameworks (e.g., ISO27001, FFIEC, NIST) is required.
* Strong verbal and written communication skills are essential.
* The ability to demonstrate a self-motivated and disciplined approach to learning and working is crucial.
* The ability to collaborate in a team environment and to take on a leadership role when needed is required.
* A highly developed sense of personal accountability and follow-through, prioritizing multiple tasks and goals effectively, is necessary.