GRC Analyst
GRC Analyst, Information Security Department- Central Pacific Bank
Position Function:
Works with Information Security Program Manager and members of the ISD Group, IT team, vendors, and business lines to ensure the bank maintains a strong Information Security Program, including infrastructure & environment, systems, protocols, controls, risk assessments, reporting, and remediation. Executes required duties under the bank’s Information Security Program, including training, testing, monitoring, reporting, remediation, controls and risk assessments, and recommendations.
- Provide advice on new / revised procedures & controls, implementation of new products / systems and other key matters as warranted. Add value to the bank by improving effectiveness of risk management, control, and governance processes.
- Developing and evaluating risk-based audit planning procedures and programs
- Assisting or leading in the execution of functional, operational and governance process audits
- Working with other departments to address issues or gaps identified and follow-up with management to ensure remediation is implemented on a timely basis.
- Liaise with external auditors, regulators, and agencies to the maximum extent consistent with professional standards & commercial confidentiality.
- Performs independent security reviews and assessments, including engagement of periodic external penetration testing and review of frequent internal monitoring, Works with Internal Audit on the bank’s audit of IT general controls and Information Security Program.
- Monitor security access authorities for GLBA systems and application, inclusive of periodic reviews of authorities in relation to roles and assigned tasks.
- Assess and report the effectiveness of internal control systems & their compliance with rules, procedures, applicable laws & local regulations.
- Developing preliminary findings and practical solutions or recommendations to improve the Group's internal control environment.
- Reports significant security events to the Information Security Officer; works with Information Security Officer to prepare annual Information Security Report and reports for I.T. Steering, Management, Audit & Risk Committee, and the Board.
- Works with third parties, consultants, internal team, examiners, and auditors to ensure regulatory and legal compliance with applicable laws and regulations; remains current with required legal, regulatory, and bank training.
Minimum Qualifications:
Education:
- S. Diploma or equivalent required.
Licenses/Certification:
- CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), or CISM (Certified Information Security Manager) required or in the process of obtaining one of these certifications (or comparable certification).
Physical Requirements & Working Conditions:
- Must be able to move and lift items up to 20lbs and perform other light physical work.
- Must be able to operate standard office equipment, including phone, personal computer, copier, etc.
- Must be able to clearly communicate verbally and in writing with all internal and external customers. Must also be able to hear sufficiently to engage in daily discussions and interactions.
- Must be able to read and understand bank-related documents.
- Must be able to work in a conventional office setting, involving sitting at a desk or workstation for long periods of time. Must also be able to adapt to different work environments as needed to perform the job.
We are proud to be an EEO/AA employer M/F/D/V. We maintain a drug-free workplace and perform pre-employment substance abuse testing.
Send resumes directly to: Christopher.fabian@cpb.bank (808) 544-3738