IT SENIOR RISK ANALYST-RISK ASSESSMENT DEPARTMENT-FIRSTBANK PR
FirstBank
San Juan, PR
Permanente
Tiempo completo
Hace 2 meses
IT SENIOR RISK ANALYSTRISK ASSESSMENT DEPARTMENTFIRSTBANK PRJob SummaryThe IT Risk Senior Analyst performs information technology audits and assessments of business units, functions and/or bank applications, to comply with SOX requirements and other regulations, assess internal controls structure and evaluate compliance with policies, procedures and management's objectives, within applicable target dates. Serves as a seasoned internal consultant and subject matter specialist for cross training and IT security trends.Essential Responsibilities· Keeps wide and current knowledge of the Sarbanes Oxley Act regulation (particularly the 404 section), its changes and established parameters, and its applicability to the Corporation, specifically related to IT.· Conducts research on Cyber Risk and disseminates new guidance issued as well as emerging trends· Performs Information Technology (IT) audits for Business Units, on an independent or team effort.· Completes SOX-related assigned IT audits according to approved annual plan and performs audit steps within the specific budgeted time assigned.· Revises procedure manuals, banking regulations, and performs personnel interviews with the purpose of obtaining a profound comprehension of Business Area's procedures and internal controls.· Prepares complete working papers for all audit assignments. Guarantees the completeness and correctness of all working papers.· Completes the audit steps following the audit program.· Prepares observations write-up sheets for all exceptions noted.· Discusses and disposes of all review points from the IT Risk Supervisor and/or IT Risk Manager and makes sure all review points of the engagement are properly cleared before the issuance of final audit report.· Discusses observations write-up sheets with Management in order to obtain remediation plans regarding exceptions noted during testing procedures for final results presentation.· Gives support to other team members.· Coordinates and participates in Entry and Exit Meetings with Management.· Assists the IT Risk Supervisor and/or IT Risk Manager in the preparation of specific audit assignment plans and audit programs.· Prepares the audit work program, or reviews existing audit programs for compliance with the Corporation's policies and regulatory requirements, submit revisions when deemed necessary.· Performs IT Risk Assessments to identify existing or potential risks that could adversely affect the Corporation or any of its subsidiaries.· Composes Risk Assessment-related reports and communicates results to corresponding management.· Participates actively in the Corporation system's conversion and implementation processes.· Supports the Corporate Business Impact Analysis and Business Continuity Risk Assessment efforts.· Administers the systems tools implemented at ERMOther Responsibilities· Keeps up to date on technological development IT Auditing areas, systems and programming.· Performs special tasks in order to assist external auditors in their annual integrated audit.· Schedules audit tasks on special audits assigned.· Attends to IT meetings.· Performs any other special assignments assigned by the IT Risk Supervisor and/or IT Risk Manager.· Monitors compliance with continued education requirements of the Bank and professional associations.· Support IT Risk Supervisor and/or IT Risk Manager in different IT projects and IT assessments.· Provide support to other units including CSO as it relates to Incident Response, Review of Forensic Reports, and SOC Reports Assessments.· Assists with the supervision and review of work performed by consultants in staff augmentation engagements.· Presents to the IT Steering Committee as needed.Independence of JudgmentThe degree of judgment is related to the identification and definition of new problems of moderate complexity and integration/coordination of varied elements and its application to specific subjects.Supervisory ResponsibilitiesThis position has no direct supervisory responsibilities.Impact of ErrorsThe impact of errors of this position could affect other department activities or external services and strategic results or Bank image through the regulatory agencies, customers and the community. The impact of errors of this position could also affect the essential activities for the Bank, either from other divisions or departments, or within.Competencies· Programming skills· Wide information technology knowledge· Analytical skills· Computer Assisted Audit Tools and Techniques (CAATTs) acquaintance· Information Technology environment within the Banking Industry acquaintance· Knowledge in databases, Web Applications, Network and communication Infrastructure, operating systems (ex. IBM, UNIX, Linux and Windows), security technologies (firewalls, IDS/IPS, etc.)· Strong working knowledge of information and system security, internal control frameworks (COSO, COBIT) and SOX requirements· Hands-on skills in audit planning, development of audit programs, fieldwork and wrap-up· Computer and mainframe proficiency· Strong analytical skills (analytical thinker) and self-starter· Experience in audits within environments: Mainframe, Distributed· Utilization of audit tools (ex. IDEA, ACL)· Knowledge of general security concepts and methods such as vulnerability assessments, privacy assessments, intrusion detection, incident response, security policy creation, enterprise security strategies, architectures and governance· Understanding of information security regulatory requirements and compliance issues· Experience in process definition, workflow design and process mapping· Excellent verbal and written communication skills in English and Spanish· Proficient in EXCEL, WORD, ACCESS, POWER POINT· Committed to accuracy· Interpersonal communication and team skillsPhysical DemandsThe physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.Specific vision abilities required by this job include close vision and distance vision. While performing the duties of this Job, the employee is regularly required to sit; use hands to finger, handle, or feel and talk or hear. The employee is occasionally required to stand and walk.Work EnvironmentEmployees in this job work in an office environment with a comfortable room temperature, good lighting, and quiet conditions. May be required to travel and to work extended hours, including holidays, should these coincide with risk mitigation efforts or other projects/implementations.Minimum RequirementsA Bachelor's Degree in Information Technology, Computer Science, engineering, or business is required for this position. The incumbent must have from at least two years of IT audit experience or on a similar position within the Banking Industry. CISA certificate is recommended but not required.EQUAL EMPLOYMENT OPPORTUNITTY EMPLOYER
