Role: Information Security Analyst
Years of Experience: 2+ years of experience in information security
Work Location: Phoenix, AZ
Project Duration: 12 months (with chances of extension/Contract to hire)
Looking for a resource who would support the development, implementation, and management of the Global Infrastructure Risk Management program to systematically handle audit and compliance requests, in alignment with the expectations and requirements of the internal audit, risk oversight teams, our regulators and banking regulations. Works individually and with teams on both structured and unstructured assignments. Responsible for risk investigations, intelligence, assurance, and awareness, for technology standards and handling IT controls and compliance with regulatory guidance.
Collaborates with multiple partners including all Global Infrastructure customers, Technology Risk and Information Security, Operational Risk, Internal Audit Group, Second line oversight and external auditors and regulators. Proactively monitors current capabilities and institutes industry best practices.
- Provides effective leadership, analysis skills, and innovative thinking necessary to maintain and enhance the Risk Management and Governance program and framework to ensure full compliance with all banking laws, rules, regulations, and internal policies, procedures, and processes.
- Responsible for day-to-day coordination and maintenance of emerging risks and early warning indicators, limits and metrics at a granular level, and integrates all risks through identification of aggregation that includes development and oversight of an effective measurement process that captures and measures risk groups (including identification of concentrations by geography, counterparty, industry, correlations, etc.).
- Conducts risk and control assessments; provides qualitative and quantitative insight; regularly and promptly identifies changes in risk in the technology operating environment and in concentrations; regularly maintains and updates risk and control assessments and exposure; and assists in the evaluation of exposure under various stressful scenarios.
- Keeps leadership informed of project/task status, manages work priorities, and proactively seeks solutions to challenging projects or situations.
- Ensures policies are updated to reflect changes in law or regulations, and recommends changes to policies, procedures and processes to minimize risk.
- Responds to inquiries or refers inquiries to the appropriate department or person, and exhibits the necessary follow through with customers and/or staff involved.
- Builds relationships with diverse groups and leads meetings to gather and document data and information in order to measure and improve the effectiveness of risk management and governance activities.
- Knowledge necessary to propose relevant IT responses to changing business risks and regulatory changes and requests
- Direct maintenance of internal documentation library, ensuring that process and other documentation is regularly updated to reflect the latest operational processes and requirements
- Assists in the development, implementation, and governance of processes and initiatives to ensure compliance, cost optimization, and efficiency.
- Assists in developing, implementing, and monitoring compliance to the business and Information security policies, standards and procedures, and other policies and standards as appropriate
- Prepares materials (reports, presentations, spreadsheets, etc.) on information security to help develop scenarios and response procedures and to enable informed decision-making; verifies completeness, accuracy and relevance of data captured
- Maintains records to allow for historical trending analysis
- Identifies current and desired future state IT control capabilities incorporating industry leading technology and practices that enhance American Express' ability to manage technology risk
- Partner closely with Global Infrastructure product and process owners to ensure controls also enable the business and technology
- Work across Global Infrastructure to ensure timely response to all risk & compliance requests (e.g., state, federal, internal, external, etc.)
- Maintain meaningful and actionable critical metrics and reporting related to governance, risk and controls
- Partner with vendors and strategic partners to garner external industry standard methodologies
- Adapts plans and programs to changes in the regulatory environment and threatscape
- Relevant knowledge and background in information security and technology controls, compliance and/or regulatory experience
- Infrastructure Technology background/experience (Cloud, IBM, TIMS, Disaster Recovery, Storage, Network, Database, etc.)
- Knowledge and/or training in IT control frameworks, federal and international regulations including but not limited to FFIEC, NIST, OFAC, SOX, PCI, ISO, etc.
- Collaborative approach to solving business problems
- Background in ITSM/ITIL/COBIT/ISO processes preferred
- Self-motivated individual with the ability to combine outstanding problem-resolution and critical thinking skills with an ability to apply a business and risk lens
- Proven ability to adjust quickly to shifting priorities, multiple demands, ambiguity and rapid change
- Practical experience communicating effectively, both in writing and verbally, with multiple levels within the organization
- Demonstrable ability to take complex technical information and translate it into clear communications (presentations/memos) for a variety of audiences
- Analyzes complex information and identifies the most meaningful details
- Is clear when explaining ideas and concepts to others - communication is structured, compelling, and impactful, and builds a credible impression
- Challenges the status quo and questions current approaches where appropriate
- Continually looks for contingency options and dedicatedly adapts plans and priorities
- Takes the initiative to craft transparency when changing circumstances cause ambiguity
- Translates and interprets business strategies to clarify direction for self and/or team and to gauge impact on current plans
- Preferred SharePoint development experience
Technologent is an Equal Opportunity Employer -- EEO/AA Employer/Vet/Disabled.
Technologent is a Global Provider of Edge-to-Edge Information Technology Solutions and Services for Fortune 1000 and SMB companies. We offer a unique blend of business practices that are aligned to solve for top CIO concerns. Our core competencies focus on data center infrastructure, business continuity, data protection, service automation and orchestration, continuous intelligence, monitoring, connectivity, collaboration and cybersecurity. These practices are supported by our professional services, digital transformation services and financial services offerings. By providing custom solutions and services designed to fit your business needs, we enable your organization to be more agile, responsive and competitive. Technologent empowers your company to ascend to the next level in IT.
Headquartered in Irvine, CA, Technologent has offices throughout the US and proudly serves clients around the world. When partnering with Technologent, organizations benefit from the highest caliber of professionals, committed to delivering exceptional business outcomes backed by unmatched service and support.