IT Governance Risk and Compliance Analyst II (ITGOV012287)

This job was posted by https://www.arjoblink.arkansas.gov : For more
information, please see: https://www.arjoblink.arkansas.gov/jobs/4349633

The IT Governance Risk and Compliance Analyst II supports the IT
Strategy & Control Programs mission of strengthening and optimizing
the Centennial Bank IT Departments control and security posture. This
is accomplished through the development and implementation of various
Governance, Risk, and Compliance management activities.

This is a remote position.

ESSENTIAL DUTIES AND RESPONSIBILITIES

1. Perform First Line of Defense testing to evaluate the design and
overall effectiveness of IT controls.

2. Conduct periodic IT and Information Security risk assessments to
help IT management assess known risks and identity new risks.

3. Consult with project teams to ensure inclusion of adequate controls
are in scope for projects.

4. Provide guidance and assists with policy, procedure, and standard
development and updates across the IT organization.

5. Stay current on changes to regulatory guidance, FFIEC work programs,
and other related compliance programs.

6. Act as a liaison and coordinates with auditors (internal and
external) to answer process questions and to provide evidence related to
audit engagements.

7. Monitor control remediation initiatives.

8. Provide recommendations and assists with strategic planning
activities and plan updates.

9. Support the shaping, development, and continuous improvement of
control frameworks across IT.

10. Analyze control environment and recommend/implement continuous
monitoring to help streamline monitoring activities.

11. Maintain and provide assistance with ownership of the IT control
library.

12. Complete required BSA/AML training and other compliance training as
assigned.

13. The ability to work in a constant state of alertness and in a safe
manner.

14. Perform any other related duties as required or assigned.

QUALIFICATIONS

To perform this job successfully, an individual must be able to perform
each essential duty mentioned satisfactorily. The requirements listed
below are representative of the knowledge, skill, and/or ability
required.

EDUCATION AND EXPERIENCE

Broad knowledge of such fields as accounting, marketing, business
administration, finance, etc. Equivalent to a four-year college degree,
plus 4 years related experience and/or training, and 4 years related
management experience, or equivalent combination of education and
experience.

REQUIRED CERTIFICATES, LICENSES, REGISTRATIONS

At least one of the certifications from the Preferred Certificates,
Licenses, and Registrations is required. Other relevant certifications
may be considered for this requirement but must be approved by the
department head.

PREFERRED CERTIFICATES, LICENSES, REGISTRATIONS

-Certified Information Systems Security Professional (CISSP)

-Certified Information Systems Auditor (CISA)

-Certified Information Security Management (CISM)

-Certified in Risk and Information Systems Control (CRISC)

-Certified Internal Auditor (CIA)

-Certified in Risk Management and Assurance (CRMA)

-Certified in Governance of Enterprise IT (CGEIT)

-GIAC Security Essentials (GSEC)

-Project Management Professional (PMP)

-Lean Six Sigma (yellow, green, black belt).

SOFTWARE SKILLS REQUIRED

Intermediate: Database, Presentation/PowerPoint, Spreadsheet, Word
Processing/Typing

ADDITIONAL INFORMATION

-Masters degree in a related field is a plus.

-Experience with Sarbanes Oxley audits, SOC 1 and SOC 2 audits, and
other regulatory examinations is a plus.

-Excellent interpersonal and communication skills to work with all
levels of management, employees, peers, and vendors.

-Excellent analytical and problem-solving skills to solve/manage complex
technical problems.

-Ability to prioritize tasks and time, and exercise good judgment and
common sens in all activities.

-Working knowledge of the following control frameworks is preferred:
COBIT, NIST CSF, ISO/IEC 27002, CIS Controls, PCI DSS