IT Risk Analyst
First Commonwealth Bank

Maintains a high skill level of risk management and systems knowledge as it relates to the overall corporate technology environment. Is primarily responsible for conducting the Information Technology (IT) risk assessment processes which includes asset identification, threat identification, mitigating control identification and reporting of the IT asset's inherent and residual risk ratings across all Information Technology assets of the organization. Responsible for ensuring all IT assets (includes in-house software, hardware, data, third party hosted software/services, third party hosted data and third party developed APIs) are identified and documented within the IT asset inventory/risk assessment for the proper reporting of IT risk at an asset based level. Will work closely with various department subject matter experts to ensure that Technology risks are appropriately identified and mitigating controls are effectively established, documented and managed across all Information Technology assets. Responsible for conducting IT asset based risk assessments on a cycle basis to help identify recommendations for the treatment of risk not within the organization's risk appetite thresholds. Duties include report development against IT asset inventory systems, conducting IT risk assessments at an asset based level, risk reporting, IT risk management policies and procedures development and administration of the existing IT asset based risk assessment solution. The candidate will also act as an intermediary between the Information Technology area and internal/external auditors to assist in the coordination and collection of IT audit documentation requests from various departments within the organization to ensure responses are received and delivered in a timely manner. Responsibilities also include facilitating the change management documentation review process to ensure that changes for IT systems and services are properly documented, approved and adhere to the existing change management policies and procedures.

Essential Job Responsibilities__________________________________

1. Conducts risk assessments at an Information Technology asset based level to identify the threats, mitigating controls and assign inherent and residual risk ratings.

2. Performs administration and maintenance activities associated with the IT asset based risk assessment solution and processes.

3. Develops and maintains IT asset inventory reports used to create the scope of the IT asset based risk assessment.

4. Assists in developing and maintaining IT risk management policies and procedures.

5. Develops IT risk assessment reporting and status updates for management and committees.

6. Works with various department subject matter experts to identify, analyze and assess key risk scenarios and support stakeholders with risk analysis and reporting.

7. Reviews and recommends suitable and appropriate, cost-effective controls or counter measures to address key technology risks not within the organization's risk appetite.

8. Stays informed about emerging threats and vulnerabilities within the IT landscape.

9. Acts as an intermediary between internal and external audit to coordinate and prepare audit documentation requests from various departments in a timely manner.

10. Assists in the receipt, logging, and initial assessment of change requests to ensure they are complete and accurately documented.

11. Facilitates communication between change requestors, IT teams and other stakeholders to ensure all parties are following the change management policies and procedures accurately.

12. Monitors and reviews the results of implemented changes to ensure the required documentation is obtained while also identifying opportunities for potential improvements.

13. Develops and cultivates effective relationships with other departments, vendors, and within the Technology Group.

14. Maintains in depth knowledge of the technology assets used within the corporation and foreseeable IT threats in order to accurately identify potential risks and mitigating controls.

15. Completes assigned tasks within established timelines and specifications.

Bona Fide Occupational Qualifications___________________________

1. A bachelor's degree or equivalent experience is required.

2. A minimum of two (2) years related experience in Information Systems, IT Risk and/or Information Security practices.

3. A valid certification such as CISA and/or CRISC is preferred.

4. In depth technical knowledge of the assigned systems and how the technical functions relate to processing is necessary.

5. Proficient reading, writing, and grammatical skills are critical, as are analytical and mathematical skills. Excellent written and oral communication, organizational, and interpersonal relations skills are also required.

6. A valid driver's license and the ability to travel are required.

7. May be eligible for telecommuting.



Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)