Cyber Security Analyst

Skills

• Bachelor's degree and 10+ years of experience with Finance Risk Management Cybersecurity Computer Science or a related field. Master's degree is preferred. • In depth knowledge of information security and technology principles in a highly regulated environment. • Knowledge and use of FAIR risk quantification methodology in a prior role. • Background in creating and presenting to different levels and audiences across an organization. • Understanding of risk management practices including understanding of risk definitions development of controls and issue management. • Strong ability to analyze processes and data for trending and recommend enhancements. • Effective communication skills with a demonstrated ability to engage influence and drive collaboration across stakeholders. • High degree of organization individual initiative and personal accountability in a fast-paced environment. Inclusive of ability to make decisions in an ambiguous environment. • Knowledge of regulatory guidance for Third-Party Technology and/or Cybersecurity functions. • Knowledge of external frameworks for technology and/or cybersecurity (NIST ITIL COBIT Shared Assessments etc.). • Understanding of risk management principles in a highly regulated organization including risk identification risk treatment and risk measurement. Ability to train decision makers on calibrated probability assessments. • High level of speaking and writing skills. • Proficiency in risk management tools and systems as well as advanced proficiency in Microsoft Office Suite particularly Word Excel and PowerPoint. • Professional certification in Project Management Technology and/or cybersecurity (FAIR CISM CRISC CISSP PMP etc.). Knowledge of three lines of defense model in a financial services setting. • Experience with the Factor Analysis of Information Risk (FAIR) quantification methodology desired but not required.

Description

Western Alliance Bank Corporation is currently seeking a highly qualified and experienced Second Line of Defense Technology (IT) and Information Security (IS) Senior Analyst to join our IT/IS and TPRM risk management team in the second line of defense. The successful candidate will take on supporting IT/IS risk management functions. Duties would include reviewing first line controls for completeness, assisting with targeted risk assessments, issue management, and risk reporting in technology and cybersecurity. This person would help develop reporting and trends for IT & IS. This position offers an exciting opportunity to contribute to the bank's risk management framework and play a key role in safeguarding our institution against technology, information security and third- party risks.

Responsibilities

• • Monitor external industry trends and regulatory changes that may impact areas of risk oversight (Technology and Information Security).
• • Perform triage and detailed FAIR risk analysis using the Birdseye platform to effectively scope and analyze loss event scenarios at scale.
• • Apply internal and external data as well as calibrated estimation techniques to support FAIR analysis.
• • Evaluate risks and use strong knowledge of control categories and their effect on loss exposure to make informed recommendations for risk mitigation strategies to the business.
• • Interpret analysis results and effectively communicate their meaning to decision-makers and other invested stakeholders.
• • Build and help manage the organization's risk registers to monitor risks and track their mitigation activities with the associated risk owners.
• • Help define KPIs and KRIS to be actively used in decision making.
• • Work with the Birdseye platform to monitor and regularly update loss tables and data helpers within the Birdseye platform to support efficiency and consistency of risk analyses.
• • Coordinate data-gathering initiatives to improve measurement precision.
• • Socialize the FAIR risk quantification program and promote its adoption among internal stakeholders and Leadership.
• • As needed this role would engage with appropriate first, second, and third-line stakeholders to ensure effective communication and coordination between the three lines of defense.