
Information Security Risk Specialist

Company:
American Riviera Bank
Location:
Santa Barbara, CA, 93190
Posted:
March 02, 2026

Description:

Job Purpose:

The Information Security Risk Analyst plays a critical role in supporting the Bank's Information Security Program by assisting with policy development, administration, and procedural documentation to ensure compliance with regulatory and legal requirements as well as internal standards. This position collaborates with the Chief Risk Officer and other internal stakeholders to identify and assess business and technology risks, perform annual risk assessments for cybersecurity and information technology, and recommend enhancements to internal controls. The analyst is responsible for monitoring alerts from data loss prevention systems, conducting periodic tests, summarizing results, and providing detailed reports to stakeholders to support informed decision-making and corrective action.

The analyst participates in the Bank's Change Management Committee, helps oversee change management processes through formal testing, and assists with gap analyses and privacy risk assessments as required by state laws. The Information Security Risk Analyst actively monitors and enforces Bank policies and procedures, implements solutions to address identified risks, and fosters operational resilience and ongoing compliance with banking regulations. Additionally, the Information Security Risk Analyst analyzes risk metrics and assists in the administration of the Bank's risk management program, communicates and interprets compliance rules and regulations to Bank employees, and researches regulatory issues as they arise. Maintains a thorough knowledge of federal and state regulations to assist in researching, preparing, implementing, maintaining, developing, and tracking Bank compliance for new and existing products and services. Implements and maintains monitoring disciplines, escalation, and reporting standards.

Responsibilities and Expectations:

Assists with the Bank's Information Security Program, including policy administration and procedural writing.

Participates with the Chief Information Security Officer in, and/or leads, internal Bank meetings and discussions as they relate to identifying security requirements using methods that may include risk and business/security impact assessments. Collaborates with internal stakeholders across sales, marketing, credit, legal, finance, compliance, operations, and executive management to integrate changes into existing business processes.

Assists the Chief Risk Officer in assessing and evaluating business and technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement through annual risk assessments of cybersecurity, information security, and information technology.

Collaborates with operational and business units to accurately classify consumer data, thoroughly document the application of automated decision-making models, and perform comprehensive risk assessments and reporting to ensure compliance with California law. Proactively identifies gaps and drives the implementation of effective risk mitigation strategies to maintain alignment with the Bank's tolerance for risk.

Conducts periodic monitoring, including summarizing results of tests and making recommendations for corrective action to address any exceptions noted.

Works with Chief Risk Officer to oversee the change management process, ensuring operational readiness through formal pre- and post-implementation testing. Participates as a member on the Bank's Change Management Committee.

Assists Chief Technology Officer to design secure infrastructure solutions and applications, facilitating the implementation of protective and mitigating controls.

Coordinates BCP/DR/BIA exercises and annual updates to plans.

Regularly cooperates with, responds to, and collaborates on solutions to findings from external partners as engaged by the Bank to perform audits, address compliance with regulatory and compliance issues and updates, and consult on risk management issues.

Assists during examinations or audits (both internal and external), including following up on and assisting in resolving issues. Monitors and follows up on outstanding audit and examination findings.

Prepares for and ensures Board and Management approval for new initiatives, including completing necessary risk assessments.

Participates in security investigations and compliance reviews as requested by external auditors.

Monitors risk mitigation and coordinates policy and controls to ensure effective remediation steps.

Conducts and reports on internal investigations of possible security violations.

Produces reports, conducts initial review, and circulates them for secondary review and approval.

Helps to develop security awareness training programs and ensures compliance with required curriculum.

Reviews activity logs and reports from various data loss prevention systems to clear false positives and respond to incidents.

General:

Treats people with respect; keeps commitments; inspires the trust of others; works ethically and with integrity; upholds organizational values; accepts responsibility for own actions.

Completes administrative tasks correctly and on time; supports the Bank's goals and values; benefits the Bank through outside activities.

Comply with all applicable OSHA safety standards, including:

Read the workplace safety and health poster at the jobsite.

Report hazardous conditions to your supervisor and/or HR.

Report any job-related injury or illness to your supervisor and/or HR and seek treatment promptly.

Compliance:

Complies with all bank policies and procedures and all applicable government regulations including, but not limited to:

Ensuring products and advertising comply with applicable regulations;

Staying current and knowledgeable of all policies, procedures and regulations related to the job functions, and completing all assigned training on time, requesting additional training as needed to be proficient in all job responsibilities;

Cooperating with internal and external auditors and bank examiners by providing full cooperation and timely delivery of requested documentation and information; and

Reporting concerns about compliance to the CRO to enable prompt remediation.

Complies with Bank policies and procedures relating to the Bank Secrecy Act (BSA), Anti-Money Laundering (AML), and Office of Foreign Assets Control (OFAC) guidance. Reports suspicious activity to the BSA Department through a Suspicious Incident Report (SIR).

Adheres to privacy and information security policies and ensures all sensitive internal and external customer information is properly secured and safeguarded. Uses secure methods when delivering client and/or confidential data by email.

Demonstrates knowledge of and adherence to Equal Employment Opportunity (EEO) policy; shows respect and sensitivity for cultural differences; educates others on the value of diversity; promotes working environment free of harassment of any type; builds a diverse workforce and supports affirmative action.

Required Skills & Education:

Bachelor's degree in law or business administration, or a related field or equivalent related experience.

At least 5 years in a Risk Management, Security, Audit, and/or similar role with subject matter expertise in privacy rules and regulations. A master's degree and/or relevant certifications (e.g., CISSP or CISM) would be a plus.

Familiarity with security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering.

Excellent analytical, organizational, critical thinking, and presentation skills. Proficiency in creating and delivering presentations to various stakeholders.

Strong verbal and written communication skills, with experience in interacting with Board members and senior leadership; ability to communicate effectively and project a professional image when giving and taking information in writing, in person and over the phone.

Proven track record in implementing or significantly contributing to an information security program (or equivalent), with specific experience in banking.

Good interpersonal skills with the ability to effectively work with individuals and groups at all organization levels; ability to work independently and as part of a team.

Ability to take initiative and prioritize tasks; excellent time-management, problem-prevention, and problem-solving skills.

Ability to maintain confidentiality of sensitive information.

Proficiency in Microsoft Office and other Windows-based systems required.

Experience and education in meeting requirements of state and federal banking laws and regulations.

Working Conditions & Physical Requirements:

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.

The employee will be situated in an office type setting in which he or she is free to move about at will. It may include some minor annoyances such as noise, odors, drafts, etc.

The employee in the course of performing this position spends time writing, typing, speaking, listening, lifting (up to 20 pounds), driving, carrying, sitting, pulling, walking, standing, squatting, kneeling and reaching.

The employee for this position may operate any or all of the following: telephone, cell phone, copy and fax machines, adding machine (calculator), scanner and image systems, personal computer and related printers, or other equipment as directed.

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

Reasonable accommodations will be made to enable individuals with disabilities to perform the essential functions.
