Governance, Risk, Compliance (GRC) Specialist
Miami, FL, United States
City National Bank of Florida
Florida's iconic community bank with a global reach, trusted and admired by our clients for our people-centric culture.Overview
The GRC Specialist is responsible for assessing and documenting of the Bank's compliance and risk posture as they relate to IT's information assets. The purpose of this position is to provide highly skilled technical and information security expertise for development and implementation of the information security risk management program. Responsibilities require leadership and project management experience, as well as expertise to ensure effective system-wide security analysis; intrusion detection; standards and testing; risk assessment; awareness and education; and development of policies, standards and guidelines.
Principal Duties & Responsibilities:
- Expert at conducting gap analysis, communicate results, and use expert knowledge to implement frameworks and standards changes to NIST, SOX and GLBA controls.
- Proficient monitoring compliance with industry and government rules and regulations, interpret impact and develop or revise policies, standards, and processes to meet regulatory standards applicable to the business.
- Carries major assignments in conducting business operations and supports the technical implementation and maintenance of the IT GRC tool, leveraging industry knowledge and experience to ensure best practices are followed.
- Authority to negotiate with key stakeholders in the business to prioritize, identify, assess, aggregate and document risks and controls, including risks associated with new applications, services, regulations, and third-party operations using advanced knowledge.
- Delivers impactful presentation of findings to various levels of leadership and get buy-in.
- Implement processes to automate and continuously monitor information security controls, exceptions, risks, testing while developing metrics, dashboards, and evidence artifacts to communicate results of risk assessments to business process owners and various levels of leadership.
- Use knowledge and skills to influence remediation and prioritization of key risks while demonstrating holistic understanding and management of risks according to regulatory requirements and industry best practices.
- Provide expert advice to enhances processes, strategies, tools, and methodologies to measure, monitor, and report risks.
- Applies advanced knowledge to produce analytical material for discussions with cross functional teams to understand business objectives and influence solution strategies.
- Leverage experience and knowledge to serve as a key contributor in cross-functional teams to identify, assess, aggregate, and mitigate current and emerging risk events.
- Serves as a subject matter expert, provides expert advice and formulate and evaluate contingency plans in partnership with key business stakeholders.
- Create efficiencies in for audit engagements by establishing and maintaining a document request list (DRL) library.
- Guide and support the identification and resolution of risks via the Issue Management process and perform other duties as assigned.
- Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.
Qualifications
- 2-4 years of applied work experience in IT Governance, Risk, and Compliance (GRC); experience in Cyber Security Program management, audits, assessments, risk remediation, or cyber security compliance management are a plus. Preferred
- Knowledge of:
- Applicable information security management, governance, and compliance principles, practices, laws, rules, regulations, and frameworks such as GLBA, FFIEC and NIST;
- Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols;
- Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration;
- Information systems auditing, monitoring, controlling, and assessment process;
- Incident response management;
- Risk assessment and management methodology.
- Skills in:
- Proficiency using Microsoft Office software products such as Word, Excel, and PowerPoint.
- Developing and implementing enterprise governance, risk, and compliance strategy and solutions;
- Researching and locating information related to internal and external organizations using online and other sources;
- Security project management and planning;
- Maintaining confidentiality;
- Troubleshooting and operating a computer and various software packages;
- Defining problems, collecting and analyzing data, establishing facts and drawing valid conclusions;
- Using judgment and ingenuity in maintaining objectives and technical standards;
- Ability to:
- Effectively communicate technical issues to diverse audiences, both in writing and verbally;
- Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process;
- Handle sensitive and confidential matters, situations, and data;
- Certification in any of the following is a plus: CISA, CRISC OR CISSP.
Education
- Bachelor's Degree in Business Administration, Risk or related field (relevant experience may substitute for the degree requirement)
Special Instructions to Candidates
- Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
- Please view Equal Employment Opportunity Posters provided by OFCCP here.
- The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
- Reasonable accommodation may be made to assist individuals with disabilities to complete the online application process. Please contact our Human Resources Department at 305-577-7680 or by e-mail at employment@citynational.com.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Audits C CISA CISSP Cloud Compliance CRISC FFIEC GLBA Governance Incident response Intrusion detection Monitoring NIST Risk assessment Risk management Security analysis SOX Strategy
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Staff Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open IT Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Cybersecurity Specialist jobs
- Open Security Operations Analyst jobs
- Open Sr. Security Engineer jobs
- Open Security Consultant jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open ISO 27001-related jobs
- Open Threat intelligence-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open APIs-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open SaaS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open DoD-related jobs