Lead IT Risk Control Analyst
WHAT IS THE OPPORTUNITY?
The Lead IT Risk Analyst is a subject-area specialist who applies specialized training, methods, and analytic techniques to create recommendations and directions for IT risk mitigation in a complex technical environment. As the Lead IT Risk Analyst, you will be responsible for overseeing ongoing compliance with City National Bank and regulatory requirements including, but not limited to, implementation of risk management policies and procedures to ensure that the organization's IT infrastructure and data remain secure and compliant with regulatory requirements. This role involves identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and supporting the organization's risk management strategy. Focus areas of compliance assessment by the Lead IT Risk Analyst include third-party security and overall IT program effectiveness in mitigating risk.
The Lead IT Risk Analyst's goal is to create actionable information for IT and business leadership, and to provide objective assessments of risks for auditors, regulators, and external parties. This requires routinely authoring detailed reports and gathering metrics, ensuring stakeholders receive accurate and complete information. The Lead IT Risk Analyst keeps abreast of industry trends, technologies and cyber risk management approaches, and regulatory changes, and often collaborates with other teams on IT risk-related initiatives to provide subject-matter recommendations and guidance to achieve a posture within the bank's overall risk appetite. The Lead IT Risk Analyst serves as an expert in their area of specialization. This role is a working lead that provides functional guidance and may coordinate or supervise the daily activities of individual contributors or working teams in areas of specialization. The role also provides input on resource planning, procedure creation and content.
As the Lead IT Risk Analyst, you will play a crucial role in safeguarding the digital assets and technological infrastructure of City National Bank. This position involves leading the development, implementation, and management of risk management practices that address the specific technical risks and regulatory requirements unique to the financial sector.
WHAT WILL YOU DO?
- Support CNB IT in the creation of analytics and reporting to enhance senior management’s ability to anticipate and manage risks effectively.
- Manage the development and execution of first line risk management reporting including setting direction, goals and management awareness of risk and controls.
- Develop and execute end-to-end change management of processes to gather and analyze relevant information.
- Lead the development and execution of processes to support the delivery of Risk Management reporting, including the support of audience stakeholder groups.
- Lead analysis and documentation of information to support risk drivers & metrics.
- Assess risk within subject specialty area to evaluate the design and effectiveness of IT controls.
- Provide insight and guidance on IT software and hardware upgrades and other projects to ensure production environments meet and exceed minimum IT and security standards.
- Partner with external partners and vendors, as applicable, to fulfill reporting and information sharing requirements and to collect information required for comprehensive risk analysis and assessment.
- Create and maintain process and procedural documentation for various risk analysis and risk assessment activities.
- Highlight industry-based methodologies, techniques, or standards (FAIR, NIST, FFIEC, CSA, etc.) used as the basis for analysis efforts.
- Publish routine, accurate risk analysis and assessment reports as defined by organizational risk policies and procedures to applicable audiences for each subject area discipline.
- Participate in other IT risk support projects and duties as needed or requested.
- Develop and implement a comprehensive IT risk management framework tailored to the needs of the banking/financial technology environment.
- Conduct thorough risk assessments to identify vulnerabilities and evaluate risk in the context of financial sector threats and compliance mandates.
- Work closely with IT, security, and compliance departments to align risk management strategies with business objectives and regulatory obligations.
- Monitor and report on the effectiveness of risk mitigation and the compliance of IT systems with internal requirements as well as established industry standards such as PCI-DSS, FFIEC, GLBA, etc.
- Develop and oversee a training program for employees on effective risk management and compliance requirements to foster a risk-aware culture.
- Stay abreast of emerging security threats, technologies, and potential impacts on the financial services industry.
- Develop and maintain a comprehensive IT risk management program to ensure the integrity, confidentiality, and availability of information owned, controlled, or processed by the organization.
- Conduct risk assessments to identify vulnerabilities, assess potential impacts, and determine appropriate measures to manage risks effectively.
- Collaborate with IT and security teams to implement risk mitigation strategies and solutions.
- Monitor and report on compliance with IT/security policies, as well as the effectiveness of the controls and requirements.
- Provide training and guidance to staff on risk management and operational process hygiene.
- Stay informed about the latest control challenges and regulatory changes that may affect the organization.
WHAT DO YOU NEED TO SUCCEED?
Required Qualifications*
- Bachelor's Degree or equivalent
- Minimum of 12 years’ experience in Information/Cyber Security field
- Minimum 10 years of information security monitoring and response or related experience.
- Minimum of 3 years’ experience managing or coordinating resources such as people or projects
Additional Qualifications
- Demonstrated experience analyzing complex Information Security data sets within subject area specialty.
- Demonstrated knowledge of Information Security landscape -- threats, trends, technologies.
- Demonstrated knowledge of financial regulation and control frameworks applicable to cyber security or IT risk.
- Excellent communication and interpersonal skills, including a strong ability to create positive and professional business relationships with internal clients.
- Strong commitment to working as a team and providing excellent customer service.
- Exposure to banking or equivalent highly controlled technology environment is preferred.
- Master’s degree in business, computer science or related field preferred.
- Professional certifications (CPA, CISA, CISM, CISSP, GSEC, etc.) are highly desired.
- Demonstrated experience with Industry or subject specific analysis or assessment frameworks is highly desired (FAIR, NIST CSF, etc.).
- Experience in banking/financial industry is strongly preferred.
- Formalized training in cyber security analysis or assessment techniques.
- Big 4 experience is highly preferred.
- Proven experience in managing compliance with financial industry regulations and standards.
- Strong analytical skills to triage identified security vulnerabilities and risks, and to design and implement effective mitigation strategies, are preferred.
- Excellent communication skills, capable of effectively engaging and influencing various stakeholders from IT security technicians to executive management.
- Strong understanding of network infrastructure, database security, and data protection technologies is preferred.
- Experience with risk assessment tools, technologies, and methods.
- Familiarity with third party risk management and SOC reports.
- Minimum 2 years audit and assessment engagement management experience.
- Proficiency in creating and maintaining policies and compliance documentation.
- Familiarity with industry standards and frameworks such as ISO 27001, NIST, COBIT, and GDPR.
- Excellent communication, analytical, and organizational skills.
WHAT'S IN IT FOR YOU?
Compensation
Starting base salary: $100,000 - $170,000 per year. Exact compensation may vary based on skills, experience, and location. This job is eligible for bonus and/or commissions.
Benefits and Perks
At City National, we strive to be the best at whatever we do, including the benefits and perks we offer our colleagues, such as:
- Comprehensive healthcare coverage, including Medical, Dental and Vision plans, available the first of the month following start date
- Generous 401(k) company matching contribution
- Career Development through Tuition Reimbursement and other internal upskilling and training resources
- Valued Time Away benefits including vacation, sick and volunteer time
- Specialized health and family planning benefits including fertility benefits, and cancer, diabetes and musculoskeletal support programs
- Career Mobility support from a dedicated recruitment team
- Colleague Resource Groups to support networking and community engagement
ABOUT US
Since day one we've always gone further than the competition to help our clients, colleagues and communities flourish. City National Bank was founded in 1954 by entrepreneurs for entrepreneurs and that legacy of integrity, community and unparalleled client relationships continues today. City National is a subsidiary of Royal Bank of Canada, one of North America’s leading diversified financial services companies. To learn more about City National and our dynamic company culture, visit us at About Us.
INCLUSION AND EQUAL OPPORTUNITY EMPLOYMENT
City National Bank fosters an inclusive environment where all forms of diversity are valued and leveraged to make us a better company and employer. We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sexual orientation, gender identity, national origin, disability, veteran status or other basis protected by law.
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
*Represents basic qualifications for the position. To be considered for this position, you must at least meet the required qualifications. careers.cnb.com accepts applications on an ongoing basis, until filled.
Unless otherwise indicated as fully remote, reporting into a designated City National location is an essential function of the job.