Job Family: Risk

Monitors activities to minimize the company's exposure to risk. Activities may include quantitative analysis, risk identification and remediation. Represents or supports the reputation of the company to minimize compliance and regulatory risk by resolving issues and ensuring adherence to company and legal standards. Responsible for ensuring that all of the company's activities adhere to the necessary rules and regulations, and that the company complies with legal/regulatory statutes and jurisdictions.

Job Function: Business Control

Ensures transparency of business results and processes. Typically organizes a reporting system and tracks goal accomplishment, collects and processes data, and provides managers with all necessary company management data and information.

Summary of Responsibilities:

The Sr. Analyst, Business Control & Risk Management is responsible for various information security activities related to risk management performance. Works to identify, assess and action various information security risks throughout the assigned business line by executing defined risk programs. The Sr. Analyst is responsible for developing, analyzing, reporting and challenging data. The candidate participates in initiatives and recommends opportunities for improved efficiency, effectiveness and/or risk reduction.

Essential Functions:

  • Performs data analysis, report preparation and trend analysis, utilizing business intelligence tools.
  • Identifies, analyzes and monitors information security risks; promotes control and risk education; and provides operational and risk support activities to the business.
  • Identifies opportunities for improvement that will strengthen the overall information security control environment.
  • Learns to translate information security control deficiencies into action plans. Contributes to the enhancement of governance practices in alignment with risk and compliance frameworks.
  • Conducts periodic information security risk assessments of operational areas to identify areas of risk, including the documentation of risks, identification of risk owners, measurement of risks, and facilitation of appropriate risk treatment plans.
  • Partners with management to identify applicable key risk indicators and to coordinate root cause analysis, action plan development and implementation of needed updates. Assists with special projects related to Controls on an as-needed basis.
  • Assists in the development, implementation, and maintenance of our IT risk management framework.
  • Assists the business in understanding Risk Control Self-Assessments (RCSAs).
  • Partners with process owners to identify information security control failures, and assesses the impact.
  • Supports management on the identification and measurement of trends and improvements utilizing best practices.
  • Assists with the development and documentation of achievable and sustainable action plans to remediate identified control weaknesses.
  • Manages the process of assessing critical risk and controls identified by management.
  • Prepares reports and provides insight to business on control / risk management. Responsible for interpreting regulations in order to adjust and improve internal controls.
  • Performs ongoing supervision of established business information security controls; applies maturing knowledge to perform root cause analyses and coordinate testing, and seeks guidance from team members to evaluate the effectiveness of those controls.
  • Makes recommendations to drive improvement efforts and participates in the remediation through action plan coordination and support.
  • Acquires and applies a developing knowledge of changes to the regulatory environment to ensure that processes and requirements are properly followed.

Other Functions:

  • Maintain awareness of technology, threat, risk, and business landscapes.
  • Monitor Information Security programs within the business.
  • Assist in conducting Information Security risk assessments.
  • Assemble reporting and presentation materials for working group meetings and ad-hoc analyses.
  • Draft and maintain process documentation.


  • Education –
    • Bachelor's Degree
    • or equivalent work experience
  • Experience –
    • 3-5 years Information Security
    • 3-5 years Banking Industry
  • Skills & Abilities –
    • Developing knowledge of relevant regulatory compliance, industry regulations and regulatory data sources required.
    • Knowledge and working understanding of additional standards, theories, concepts, and terms (including Sarbanes-Oxley, GLBA, National Institute of Standards and Technology (NIST), and Federal Financial Institutions Examination Council (FFIEC)).
    • Issue management experience (validation, mapping to controls, remediation planning, tracking and reporting).
    • Knowledge and experience with IT risk management and use of control frameworks.
    • Experience working with MetricStream (GRC platform).
    • Experience in gap or risk analysis.
    • Strong collaboration and relationship management skills.
    • Control mindset.
    • High sense of urgency with ability to drive results.
    • Demonstrable evidence of stakeholder management.
    • Effective multi-tasking and prioritization skills.
    • Self-starter, able to establish relationships and transcend multiple cross-functional/divisional boundaries, largely unaided.
    • Ability to handle diverse workload and tight schedules.
    • Strong risk assessment, negotiation and problem resolution skills.
    • Ability to lead and drive change.
    • Excellent verbal and written communication and presentation skills.
    • Strong interpersonal skills and positive attitude.
    • Solid time management and organizational skills.
    • Attention to detail and a strong work ethic.
    • Ability to interpret and analyze data with advanced reasoning and analysis skills.


  • Collaboration – Relationship Management:
    • Proficient – Applying and Executing
      • Knows who to reach out to inside and outside of one’s team to get work done
      • Takes action to enhance working relationships needed to achieve seamless work flow

  • Collaboration – Teamwork:
    • Proficient – Applying and Executing
      • Creates a good working environment in the team; works towards shared goals contributing ideas and accepting change
      • Provides assistance and coaches less experienced team members

  • Execution – Accountability:
    • Proficient – Applying and Executing
      • Follows through to meet commitments to others
      • Takes responsibility for achieving strong results, despite balancing multiple complex demands

  • Influence – Information Sharing:
    • Proficient – Applying and Executing
      • Uses information and data effectively to support a position and present a rational case

  • Influence – Two-way communication:
    • Proficient – Applying and Executing
      • Communicates in a timely and straightforward manner
      • Probes for additional information, clarifies assumptions and confirms agreed-upon actions
      • Keeps everyone involved informed about progress and issues

  • Risk Business Acumen – Industry Acumen:
    • Proficient – Applying and Executing
      • Stays current with industry and regulatory trends and emerging risk issues
      • Has good understanding of current market and competitive landscape that the organization operates within

  • Risk Management – Knowledge of Risk Management Policies, Regulations, Processes and Procedures:
    • Proficient – Applying and Executing
      • Executes risk management process and procedures without management direction, and demonstrates awareness of expected results
      • Knows the relationship and impact of actions and results
      • Has an understanding of regulations impacting area supported

  • Risk Management – Risk and Compliance Adherence:
    • Proficient – Applying and Executing
      • Communicates the importance and benefits of risk management to counterparts
      • Displays natural skepticism and curiosity to question the status quo and uncover issues
      • Adheres to a good root cause analysis process

Working Conditions:

  • Frequently: Minimal physical effort such as sitting, standing, and walking.
  • Occasional moving and lifting of equipment and furniture is required to support onsite and offsite meeting setup and teardown.
  • Physically capable of lifting up to fifty pounds and able to bend, kneel and climb ladders.

Employer’s Rights:

  • This job description does not list all the duties of the job.  You may be asked by your supervisors or managers to perform other duties.  You will be evaluated in part based upon your performance of the tasks listed in this job description.
  • The employer has the right to revise this job description at any time.  This job description is not a contract for employment, and either you or the employer may terminate employment at any time, for any reason.