• IT Risk Analyst, Enterprise Risk Management

    Job Locations
    US-CA-San Francisco
    Risk Management
  • Overview

    IT Risk Analyst, Enterprise Risk Management, will play a critical second line of defense role to make sure the bank is resilient to technology risks.  This will be accomplished through partnering with key stakeholders such as Enterprise technology, Information Security and Vendor Management teams, to identify and document top IT and Vendor risks, and to perform and document risk assessments.


    This position requires excellent communication and writing skills, and the ability to quickly develop a working knowledge of First Republic Bank’s technology, processes, policies and procedures.


    20% - Using the ERM framework and partnering with Enterprise Technology, Information Security and Vendor Management, to identify and document top IT and Vendor risks (including IT Process flows, mapping of controls, breakpoints and relevant action plans). Provide independent review and challenge for IT and Vendor risk assessment frameworks and methodologies. This may include targeted validation / testing to ensure IT and Vendor risk programs are implemented appropriately and identify exceptions.


    20% - Participate in reviews of IT-related enterprise-level and targeted risk assessments, such as the FFIEC Cyber security assessment or NIST Cybersecurity Framework, GLBA, eBanking, etc.


    20% - Assist with risk assessments of critical technology projects. Assist in identifying, analyzing and documenting key risks associated with the implementation of critical technology projects, and in assessing the effectiveness of the control environment and the mitigation plans associated with those risks.

    20% - Develop quality documentation of risks, controls, assessments, process flows, gaps and action plans


    20% - Perform duties & responsibilities specific to department functions & activities or as assigned by supervisor.


    Essential Skills, Bodies of Knowledge and Abilities:


    • A minimum of 3 years of experience within risk assessments, IT operations or information security;

    • A minimum of 3 years of relevant experience and knowledge in:

    o Products, services, policies and regulations impacting technology risk, vendor risk, and information security (such as: GLBA, PII, PCI)
    o FFIEC Cyber security assessment or NIST Cybersecurity Framework
    o Strong skills in Cloud migration, risk assessments and technology operational and security controls
    o Risk assessments of critical technology implementations
    o Identifying and documenting top IT and Vendor risks (including IT process flows, mapping of controls, breakpoints and relevant action plans)

    • Strong knowledge of IT operations, technology architecture and infrastructure;

    • Excellent verbal and written communication skills;

    • Strong communications, planning, organizational, decision-making, and customer service skills;

    • Proven ability to respond to changing circumstances;

    • Team player who is comfortable working in a dynamic and fast-paced environment with minimal supervision;

    • Ability to interact confidently with senior management;

    • Balance multiple projects and other responsibilities;

    • Strong attention to detail with a pro-active approach to solving and preventing problems;

    • Ability to work under pressure/deadlines and manage multiple priorities;

    • Exceptional interpersonal and partnership skills and the ability to positively influence outcomes, particularly in difficult matters;
    • Strong time management and organization skills.

    • Highly motivated and able to adapt to changing priorities.

    Education, Experience, Training, or Certifications/Licenses:

    • Minimum of Bachelor's degree in Information Technology, Business, Operations Management or equivalent;

    • Internationally recognized professional certifications preferred, such as: CISA, CISM, ITIL, CISSP, CSA

    Mental/Physical Requirements:

    • Vision must be sufficient to read data reports, manuals and computer screens.

    • Hearing must be sufficient to understand a conversation at a normal volume, including telephone calls and in person.

    • Speech must be coherent to clearly convey or exchange information, including the giving and receiving of assignments and/or directions.

    • Position involves sitting most of the time, but may involve walking or standing for brief periods of time.

    • Must be able to travel in a limited capacity.

