Position Title
Enterprise Risk Analyst Sr.

Location
New York, NY 10018

Job Summary
This position is responsible for creating, maintaining, assessing and reporting on the status of the information technology and information security threats, risks, and controls. This position will be responsible for identifying and documenting potential gaps, testing and validating control adherence, and recommending and validating risk mitigation. In addition this position will perform enterprise wide cyber and technology risk assessments, create formal risk assessment reports, and communicate these to senior leadership.

Pay Range $84, 878 - $126, 468 - $168, 059

Job Responsibilities:

• Govern and risk assess technology and security programs: including policies, standards, controls, procedures, and testing requirements for technology and security organization in line with NIST 800-53 and NIST 800-37, Secure Controls Framework, and Industry Best Practices.
• Design, validate, track, and report risk mitigation strategies in line with the company risk appetite. Communicate results to stakeholders including executive leadership.
• Perform complex enterprise wide risk assessments including mapping out threats and controls, identifying gaps, determining inherent and residual risk ratings in adherence with the enterprise Risk Governance Framework. Create formal risk assessment reports and present to executive leadership.
• Assist stakeholders in the business lines and technology in understanding risk and control requirements to ensure that risk responsibilities are understood and followed throughout the enterprise. Assist more junior associates on the team with understanding complex technical concepts and best practices.

ADDITIONAL ACCOUNTABILITIES

• Perform special projects, and additional duties and responsibilities as required.
• Consistently adhere to regulatory and compliance policies and standards linked to the job.
• Complete required compliance trainings.
• Accountable to maintain compliance with applicable federal, state and local laws and regulations.

JOB REQUIREMENTS

Required Qualifications:

The minimum education and experience required complete each bullet point below. Items in this section must be objective, relevant, and clearly identifiable. Applicants who do not meet these criteria will not be considered.

• Education level required: Undergraduate Degree (4 years or equivalent) Computer Science or Cyber Security preferred.
• Minimum experience required: 4+ Years in Technology Audit, Information Technology, or Information Security.
• Security +, CISA, CRISC, CISSP or equivalent a plus

Job Competencies:

List the knowledge, skills and abilities required to perform the essential functions of the job. These should be related to the requirements above, but may not be easily determined from a resume review (i.e. intermediate excel proficiency, strong financial acumen, detail oriented, etc.)

• Strong understanding of internal/external processes and deadlines
• Expert in technology and security risk mitigation
• Expert in Risk Assessment and Control development
• Experience designing risk and control programs aligned to FFIEC, NIST 800-53, NIST 800-37 and financial services regulatory requirements
• Knowledge of Technology organization business processes and systems
• Experience creating and maintaining threat and risk registers, and explaining residual risk to non-technical audiences
• Expert in creating and maintaining KPIs and KRIs
• Prior experience implementing or overseeing cross functional, enterprise wide projects and technologies
• Well-rounded understanding of technology, operations, and key business processes
• Demonstrates a strong ability to build and maintain effective relationships with stakeholders by communicating clearly, engaging in proactive collaboration, and leveraging cross functional insights. Aligns relationship building efforts with enterprise goals to accelerate performance and drive strategic results.
• Builds trusted client relationships, whether internal or external, by identifying needs and delivering tailored solutions to enhance the overall client experience.
• Travel: Less than 10%
• Physical demands (ADA): No unusual physical exertion is involved.

Flagstar is an Equal Opportunity Employer

Flagstar provides teammates access to a variety of benefits including medical, dental, vision, life, and disability insurance, as well as a comprehensive leave program. Please click the following link for detailed information: Benefits | Flagstar Bank