ETS Risk Principal Analyst

Technology

Johnston, Rhode Island

Description

As the ETS Risk Principal Analyst in Technology and Cyber Risk, you will be responsible for identifying, assessing, and mitigating risks associated with technology and cybersecurity within the banking sector. Your role is crucial in ensuring the organization’s resilience against cyber threats and maintaining robust risk management practices.

Key Responsibilities

  1. Risk Identification and Assessment:
    • Conduct comprehensive risk assessments for technology and cybersecurity initiatives.
    • Identify emerging threats and vulnerabilities in the IT landscape.
    • Develop and maintain a risk register for tracking and managing identified risks.
  2. Risk Mitigation and Control:
    • Implement risk mitigation strategies and controls to address identified risks.
    • Collaborate with IT and security teams to ensure effective deployment of security measures.
    • Monitor the effectiveness of risk controls and make necessary adjustments.
  3. Governance and Compliance:
    • Ensure compliance with regulatory requirements and industry standards. 
    • Develop and enforce technology and cybersecurity policies and procedures.
    • Support and cooperate with the 2nd and 3rd LODs in audits and reviews to ensure adherence to governance frameworks.
  4. Incident Management:
    • Support risk-related activities in cybersecurity incidents and breaches.
    • Review and assess post-incident analysis to identify risks associated with incidents.
  5. Reporting and Communication:
    • Prepare and present risk reports to senior management and the board.
    • Establish and maintain an effective business relationship with business partners, key project stakeholders, Second Line of Defense and subject matter experts to advise and support the Technology Services Risk Leadership Team.
    • Communicate risk management strategies and updates to relevant stakeholders.
    • Foster a risk-aware culture within the organization through training and awareness programs.
  6. Innovation and Continuous Improvement:
    • Stay updated on the latest trends and advancements in technology and cybersecurity.
    • Identify opportunities for innovation in risk management practices.
    • Continuously improve risk management processes and tools.
    • Actively support automation in the testing process.

Awareness of Tools and Resources

  • Risk Management Frameworks: CRI, NIST, ISO 27000 family  
  • Security Tools: Vulnerability scanners, SIEM (Security Information and Event Management) systems, endpoint protection solutions.
  • Compliance Tools: GRC (Governance, Risk, and Compliance) platforms, audit management software.
  • Incident Response Tools: Incident management platforms, forensic analysis tools.

Best Practices

  • Regularly update risk assessments to reflect the evolving threat landscape.
  • Foster collaboration between IT, security, and business units to ensure comprehensive risk management.
  • Promote a culture of continuous improvement and innovation in risk management practices.
  • Engage in ongoing professional development to stay current with industry trends and best practices.

Qualifications

  • 7+ years of experience in Information Technology, Information Security, Data Management, IT Service Management and Operations and/or IT Resilience
  • 7+ years of Audit or Risk Management experience gained from working in the financial services industry, preferably in Technology or Information Security.
  • Strong business writing skills
  • Ability to effectively communicate with all levels of the organization
  • Project management skills to support multiple complex assignments
  • Strong influencing and negotiating skills
  • Proficient use of Microsoft Office Suite

Platform Specific Skills:

  • Technical knowledge of various platforms (e.g. Cloud, Microsoft, Unix, Middleware, Apps)
  • Writing, Project Management, GRC Skills

Education:

  • Bachelor’s degree or equivalent experience required

Certifications Preferred:

  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • AWS / Azure Cloud Certifications
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)

Hours and Work Schedule: 3 days in the office, 2 remote

Hours per Week: 40

Work Schedule: 8:00am to 5:00pm, Monday through Friday

Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.

Equal Employment Opportunity

At Citizens, we are committed to fostering an inclusive culture that enables colleagues to bring their best selves to work every day. Employment decisions are based solely on experience, performance, and ability. Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression (including transgender individuals who are transitioning, have transitioned, or are perceived to be transitioning to the gender with which they identify), genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws.

Equal Employment and Opportunity Employer

Citizens is a brand name of Citizens Bank, N.A. and each of its respective affiliates.

Background Check

Any offer of employment is conditioned upon the candidate successfully passing a background check, which may include initial credit, motor vehicle record, public record, prior employment verification, and criminal background checks. Results of the background check are individually reviewed based upon legal requirements imposed by our regulators and with consideration of the nature and gravity of the background history and the job offered. Any offer of employment will include further information.

Benefits

We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more.

Awards We've Received

  • 2024: Dave Thomas Foundation’s Best Adoption-Friendly Workplace
  • 2024: Disability Equality Index Best Places to Work for People with Disabilities
  • 2024: Fair360 Top Regional Company
  • 2024: FORTUNE’s World’s Most Admired Companies
  • 2024: Human Rights Campaign Corporate Equality Index 100 Award
  • 2024: Military Friendly® Employer
  • 2023: Age-Friendly Institute's Certified Age-Friendly Employer
  • 2023: Bloomberg Gender Equality Index, Standout
  • 2023: Forbes America's Best Large Employers
