Regulatory Assessment Analyst (IT Security Governance)
Location: 4910 Tiedeman Road - Brooklyn, Ohio 44144
Job Description
Manages and/or participates in regulatory exams and internal audits. Performs regulatory assessments. Performs or participates in the risk assessment process and evaluation of cyber-related risk, including potential use of cyber risk quantification. Serves as backup in other security governance processes. All associated efforts are to promote and advance an information security process and culture, and must reflect compliance with best practices, applicable federal and industry regulations, as well as company information security policies and standards.
Required Qualifications:
- Bachelor's degree preferred; 8 or more years of combined experience within information technology or information security is acceptable as equivalent experience.
- Ability to translate information security terminology into terms understandable to diverse groups.
- Good understanding of security controls.
- Excellent written and oral communication skills.
- Excellent analytical and problem-solving skills.
- Excellent facilitation and negotiation skills.
- Ability to work independently.
- Ability to multi-task and manage competing priorities.
- Detail-oriented.
- Commitment to teamwork.
- Ability to drive Continuous Improvement efforts.
Preferred Skills:
- Background in information security within the financial services industry.
- Understanding of industry best practices/guidance, e.g., NIST, FFIEC.
- Understanding of federal and industry regulations associated with information security, such as Sarbanes-Oxley, HIPAA, GLBA, etc.
Essential Job Function:
- Manages regulatory exams and internal audits that focus on security/cyber and provides support for other exams/audits that have a security/cyber component.
- Participates in SOX audits and coordinates responses to auditors.
- Provides ad-hoc analysis of risk and performs risk assessments.
- Reviews new or emerging security-related regulations for potential impact to Key.
- Explores opportunities to help advance Key’s use of cyber risk quantification.
- Communicates the practical implications of information security decisions, issues and plans to the organization.
- Attends conferences and training as required to maintain proficiency.
COMPENSATION AND BENEFITS
This position is eligible to earn a base salary in the range of $92,000 to $150,000 annually depending on location and job-related factors such as level of experience. Compensation for this role also includes eligibility for short-term incentive compensation and deferred incentive compensation subject to individual and company performance.
Key has implemented a role-based Mobile by Design approach to our employee workspaces, dedicating space to those whose roles require specific workspaces, while providing flexible options for roles which are less dependent on assigned workspaces and can be performed effectively in a mobile environment. As a result, this role may be Mobile or Home-based, which means you may work primarily either at a home office or in a Key facility to perform your job duties.
Job Posting Expiration Date: 11/19/2024
KeyCorp is an Equal Opportunity and Affirmative Action Employer committed to building a diverse, equitable and inclusive culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or other protected category.
Qualified individuals with disabilities or disabled veterans who are unable or limited in their ability to apply on this site may request reasonable accommodations by emailing HR_Compliance@keybank.com.
Job Profile
Mobile or home-based
Benefits/Perks: Base salary, Deferred incentive, Deferred incentive compensation, Flexible work options, Short-Term Incentive, Short-term incentive compensation
Tasks:
- Communicate security implications
- Drive continuous improvement
- Manage regulatory exams
- Perform risk assessments
Analysis, Analytical, Communication, Compliance, Continuous Improvement, Cyber risk quantification, Facilitation, FFIEC, Financial Services, GLBA, Governance, HIPAA, Information security, Information Technology, IT Security, Negotiation, NIST, Options, Oral communication, Problem-solving, Regulatory assessments, Risk Assessment, Sarbanes-Oxley, Security Controls, Security policies, Teamwork, Training
Experience: 8 years
Education: Bachelor degree, Equivalent, Equivalent experience, Information Security
Timezones: America/Anchorage, America/Chicago, America/Denver, America/Los_Angeles, America/New_York, Pacific/Honolulu, UTC-10, UTC-5, UTC-6, UTC-7, UTC-8, UTC-9