What sets Bank of the West apart from other banks is our team members – they embody the optimistic spirit of the West. There is a spirit here that drives us to do more. Our team of more than 10,000 employees is vital to the success of our Bank. They reflect our modern western values – straightforward, entrepreneurial and optimistic. We seek to create a corporate culture that fosters and rewards excellence, encourages creative thinking and respects diversity – an environment where team members are engaged, supportive of one another and enthusiastic about serving our customers.

Bank of the West offers the stability of a company that has a 135-year history and is part of BNP Paribas, a European leader in global banking and financial services and one of the 6 strongest banks in the world. We offer opportunities across our diverse business lines – Retail Banking, Commercial Banking, National Finance, and Wealth Management.

Enterprise Information Security Risk Management Analyst - Senior

Purpose Statement:
Responsible for performing risk management analysis of the Bank’s essential Third Party Service Providers, primarily through onsite inspection of their Data Centers and/or review of Corporate Policies, External Audit Reports, and evidence of Information Security effectiveness.

Essential Job Functions:

Identify and document risk to information security within the Bank’s service provider organizations through completion of Enterprise Information Security (EIS) vendor security assessments.
o Lead on-site security assessments at selected third party locations.
o Review external audit reports, vulnerability and penetration test results, Business Continuity Plans, etc.
o Interview IT personnel and key staff responsible for configuration management, compliance, Incident Response, access control, and other critical functions of information security.
o Formally document assessments for visibility within the organization and for tracking purposes.
Work closely with Third Party Program Office and Contract Administration to provide Enterprise Information Security Risk Assessment support for security vendor assessments.
o Perform security assessments of vendors according to risk.
o Coordinate with Security Engineering/Architecture to determine mitigating controls or other recommendations on an as-needed basis.
o Identify, then assist the Bank’s Third Party Program Office, as required, to track remediation of vulnerabilities or other security risks.

Improve security processes through the identification and assessment of emerging third party management risks, corporate and regulatory standards, and comparison of the Enterprise Information Security’s vendor risk assessment program capabilities to industry standards.

Research industry trends and best practices as noted through organizations such as PCI-DSS, NIST and ISO.

Education:
Bachelor’s Degree in Business, Computer Science, Management Information Systems (related Information Technology or Security field preferred)

Experience:
Eight+ years of experience working within a professional organization, preferably as Tier 2 system support or other IT area with exposure to system configuration and application hardening. Applicants should have a diverse knowledge of supporting enterprise applications and systems such as Windows environments and Active Directory. Risk Management, Information Security, IT Audit, and/or Compliance.
Preferred Qualifications
· Knowledge in various information security areas, such as: Identity and Access Management, Threat and Vulnerability Management, Information Risk and Governance, IT Architecture, Monitoring, Incident Response and Security Strategy
· Familiarity with the following assessment frameworks/standards:
  o ISO/27000 Series
  o BITS SIG/SAS-70/SSAE-16
  o COBIT/SOX IT Control Testing
  o NIST
  o PCI-DSS
· Knowledge of security controls for the handling of Personally Identifiable Information (PII) data
· Knowledge of regulations and security compliance requirements affecting financial institutions (FFIEC)
· Training in Risk Management or IT Audit Methodology strongly desired
· Technology risk or security certification preferred, e.g. CISSP, CISM, CISA, CRISC or equivalent

Skills
· Ability to exercise sound judgment regarding assessment findings and make effective recommendations to management
· Ability to work effectively on multiple projects within a team structure
· Ability to meet time-sensitive deadlines
· Ability to work and achieve goals without constant supervision
· Excellent verbal communication skills
· Excellent written communication skills
· Strong interpersonal skills

A results-driven, senior IT professional with a strong background in IT Risk & Security, Governance, Compliance, and Change Management. Demonstrated expertise in identifying IT Risks and implementing risk mitigating procedures using standard risk management guidelines including HIPAA, HITECH, PCI, COSO, COBIT, NIST, ITIL and various other control frameworks. Strong Program/Project Management skills with proven ability to facilitate communications, motivate team members, and manage stakeholder expectations. Strong ability to partner with various business and technology groups to identify, develop and execute project requirements.