Information Security Risk Business Analyst
Direct-Hire (On-Site)
Summary
The Information Security Risk Business Analyst acts as a critical bridge between the Information Security Office and departmental executives. This role is responsible for identifying and assessing controls, testing existing systems, and aligning processes with technology frameworks and regulatory standards (e.g., ISO, NIST, FFIEC, FDIC). The role also encompasses gap analysis, project tracking, and executive-level reporting to ensure compliance and risk mitigation.
Qualifications
Education:
- Bachelor’s degree in Information Systems or a related field, or an equivalent combination of education, experience, and training.
Experience:
- A minimum of 5 years of combined experience in requirements development, operations analysis, business management consulting, project management, control testing, or enterprise risk management.
Essential Functions
Job-Specific Responsibilities:
- Analyze and document business requirements clearly to support organizational goals.
- Identify and implement controls aligned with technical frameworks (e.g., ISO, NIST).
- Test, monitor, and catalog system controls to ensure effectiveness.
- Conduct gap analyses and develop strategies to mitigate identified risks.
- Design business architecture and functional workflows.
- Lead meetings and deliver presentations to share insights and solutions.
- Perform functional reviews with diverse stakeholders.
- Assess system impacts on related processes and systems.
- Train personnel on new systems, processes, or enhancements.
- Develop executive reports and strategy documentation to communicate findings and recommendations.
Organization-Specific Responsibilities:
- Utilize Windows-based systems and applications, including MS Windows, NT Server, MS Exchange Server, MS IIS Web Server, MS Office, and MS Outlook.
- Adhere to organizational policies and procedures.
- Represent the company positively and professionally.
- Attend mandatory in-services, staff meetings, and training sessions.
- Maintain confidentiality regarding customer, organizational, and employee information.
- Adapt effectively to significant changes in tasks, environments, or processes.
- Ensure compliance with the Bank Secrecy Act, Anti-Money Laundering laws, the USA PATRIOT Act, and OFAC regulations.
Knowledge, Skills, and Abilities
- Exceptional verbal and written communication skills for both business and technical audiences.
- Advanced knowledge of end-to-end systems development life cycles.
- Expertise in process improvement and mapping.
- Proficiency in creating complex process flows with control points using Visio Pro.
- Experience in identifying and testing controls within frameworks like ISO, NIST, and FFIEC.
- Strong knowledge of enterprise risk management principles.
- Leadership capabilities with a focus on dependability, curiosity, and solution orientation.
- Excellent interpersonal and customer service skills.
- Thorough understanding of the supported business areas.
- Self-motivated with the ability to handle multiple tasks efficiently.
- Strong technical writing and problem-solving skills.
- Ability to interpret technical manuals, correspondence, and instructions.
- Confident in presenting information to individuals and small groups.
- Skilled in articulating technical concepts to non-technical audiences.
- Proficient in facilitation, situational awareness, conflict resolution, and process improvement.
- Project management expertise with an understanding of the FinTech industry.
Interested candidates are encouraged to submit their resume for consideration.
All qualified applicants will receive consideration for employment without regard to race, color, religion, ethnicity, national origin, sex, gender identity, sexual orientation, disability status, protected veteran status or any other protected status under the law.
EverStaff is an equal opportunity employer (M/F/D/V/SO/GI).