IT Governance Risk & Compliance Analyst I (Remote w/in Florida)

Company: Seacoast Bank
Location: Gainesville
Posted on: November 18, 2023

Job Description:

Description Location: Within the state of Florida JOB SUMMARY: The IT Governance Risk and Compliance (GRC) Analyst is responsible for assisting the ISO, and the team, with the maintenance and development of the GRC components of the Information Security Program. For this role, the successful candidate will work with the Information Security team, senior management and business lines regarding their information security risks, required configurations, documentation, and reporting. This includes understanding the financial, legal, regulatory, and technical risks to the Bank's information assets, and reporting on the effectiveness of security controls. ESSENTIAL DUTIES AND RESPONSIBILITIES:

• Ability to work productively while local, or remote, and communicate effectively in a virtual team environment
• Facilitate, perform, and document logical access reviews supporting key bank controls
• Assist with the enterprise-wide Information Security training program
• Assist with contract maintenance including approvals and vendor payments
• Review and document daily/weekly/monthly and ad-hoc security reports and escalate deviations
• Assist with creating management reports and presentations
• Assist with vendor management reviews and escalate deviations
• Assist with the development and implementation of security policies, standards and procedures for information system platforms and system environments
• Assist with interactions with the Internal Audit Department for information security related items and audits
• Review and assess (methods of streamlining and automating) ways to streamline and automate the GRC administration function as appropriate
• Assist with periodic risk assessments / reviews and control testing of established FFIEC, GLBA, SOX, FDIC, NIST and other regulatory and industry related information security standards and safeguards to verify their ongoing pertinence and effectiveness of control within the current environment
• Support Business Continuity Planning and Disaster Recovery as related to Information Security
• Stay up to date with current and emerging risks and threats to the Bank
• Stay up-to-date with regulatory changes and industry developments to assist in compliance with relevant laws, regulations, and guidelines
• Ability to maintain a high level of confidentiality
  EDUCATION and/or EXPERIENCE:
  • A Bachelor's degree in Accounting/Audit, Computer Information Systems, Business Administration, and/or Engineering with the appropriate emphasis in Information Security
  • Minimum 2 years information security and/or audit experience
  • Prior information systems and/or security management within a financial institution is preferred
  • Security administration experience in the following areas of expertise: internet security and electronic/mobile banking, application security, security design and implementation, information security/IT auditing, information security/IT policy development, risk assessments, federal regulatory compliance for information protection, information security training and management
  • Degrees may be considered in lieu of years of experience
    Required Skills
    • Ability to work with management to identify, assess, and mitigate information security risks
    • Knowledge and experience with information security policies, procedures, and best practices
    • Knowledge and experience with FFIEC, GLBA, SOX, FDICIA and other regulations as well as industry standards relative to information security compliance programs covering staff and management.
    • Experience with conducting information security related training and outreach programs to customers and the public
    • Strong communication, project management, and leadership skills
    • Strong Microsoft Office (Excel, PowerPoint etc.) skills
      Preferred Skills
      • Experience with Power BI to assist with data manipulation and visualization
      • Knowledge and experience with Vendor Management platforms
      • Knowledge and experience with GRC platforms
      • Experience with implementing enterprise wide as well as customized information security training
      • Writing information security policies and procedures
      • Previous consulting experience is a plus (e.g. Big4; Accenture; Protiviti; RSM; etc.)
        Preferred Certifications
        • CISA, CRISC, Security+, ITIL, Certified in Cybersecurity (CC)
          The Statements above are intended to describe the general nature and level of work being performed by people assigned to this position. They are not intended to be an exhaustive list of responsibilities, duties, and skills. Because these statements are general, the job description is used for a variety of purposes including job evaluations; performance reviews; recruitment; etc. All Associates are required to adhere to the highest legal and ethical standards applicable to our industry. It is the policy of Seacoast Bank that all Associates will be familiar and compliant with all regulatory, legal, ethical and Bank risk mitigation requirements pertaining to both our industry and their individual roles. This includes the on time, successful completion of annual required training post-hire and effective execution of role responsibilities. #LI-PF1 Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
          
          The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)

Keywords: Seacoast Bank, Gainesville , IT Governance Risk & Compliance Analyst I (Remote w/in Florida), Professions , Gainesville, Florida