Governance & Risk Analyst II- Technology

Governance and Risk Management Analyst II

***Remote. Must sit in AL, MS, GA, TX, FL, TN, KY, AR, MO, or LA***

Summary

In today’s rapidly evolving financial and regulatory landscape, managing IT risk and compliance is more critical than ever. The Governance, Risk & Compliance (GRC) Analyst II will play a key role in strengthening the Bank’s risk management framework by ensuring IT risks are effectively identified, assessed, and mitigated. This role requires a solid foundation in IT risk management, compliance, and control testing, with the ability to contribute to more complex assessments and remediation efforts.

This position will conduct IT risk assessments, perform control testing, and support regulatory and internal compliance initiatives to reinforce a strong risk culture across the organization. Additionally, the Analyst II will play an active role in developing reports that provide leadership with valuable insights into the organization’s IT risk posture, collaborating with key stakeholders to enhance risk management strategies.

Success in this role requires strong analytical skills, attention to detail, and the ability to collaborate across teams, ensuring IT risk management aligns with both regulatory expectations and the Bank’s strategic objectives. As a Level 2 position, this role will involve responsibilities for contributing to process improvements and supporting complex risk initiatives.

Essential Job Duties

• Identify, assess, and work with IT business partners to mitigate IT-related risk.
• Track and follow up on open IT risk issues and exceptions, ensuring timely remediation and proper documentation, escalating overdue items to management.
• Investigate and research open risks to gain an understanding of potential threats, assisting and supporting stakeholders in resolution efforts.
• Perform IT control testing as part of the Bank’s risk assessment methodology, including collecting and analyzing evidence to assess the effectiveness of IT controls.
• Work with internal auditors and external examiners to support evidence collection.
• Execute simulated phishing campaigns to test employee awareness and improve cybersecurity posture.
• Analyze phishing campaign results and provide insights for security awareness training initiatives.
• Assist in maintaining and administering the Bank’s Governance, Risk, and Compliance (GRC) system, including supporting enhancement requests and system improvements.
• Participate in risk-related projects, contributing to process enhancements and automation initiatives.

Core Competencies

• Risk Management Expertise – Ability to identify, assess, document, and mitigate IT risks, integrating risk assessment outcomes into decision-making.
• Analytical Thinking – Strong analytical skills to evaluate potential risks, assess impacts, and identify areas for improvement.
• Effective Communication – Clear and concise communication with stakeholders, ensuring transparency in risk management processes.
• Attention to Detail – Accuracy in assessing risks, documenting controls, and ensuring compliance with policies and regulations.
• Collaboration & Teamwork – Works effectively with cross-functional teams, bridging communication gaps between technical and non-technical stakeholders.
• Organizational Skills – Ability to manage multiple risk initiatives simultaneously, track deadlines, and maintain documentation efficiently.
• Problem-Solving Skills – Proactively addresses issues, identifies root causes, and assists with remediation efforts.
• Knowledge of IT Frameworks & Regulatory Requirements – Familiarity with frameworks such as FFIEC, GLBA, SOX, NIST 800-53, ISO 27001, and PCI DSS, with the ability to apply them effectively in various contexts.
• Adaptability & Flexibility – Ability to adjust plans and respond to changing priorities, especially in dynamic risk environments.

Minimum Qualifications

• 1-3 years of experience in IT risk management, compliance, audit, or a similar role (banking/financial services preferred).
• Knowledge of regulatory requirements such as FFIEC, GLBA, SOX, NIST 800-53, ISO 27001, and PCI DSS, regulatory requirements, and risk management processes in a financial institution.
• Experience with risk registry management, IT control testing, and compliance monitoring.
• Proficiency in Microsoft applications, including Excel, PowerPoint, and Word; experience with Visio, Power BI, or other data visualization tools is a plus.
• Prior experience with GRC tools and risk assessment methodologies preferred.
• Ability to travel up to 10% annually.
• High integrity, professionalism, and ability to handle sensitive information with discretion.

The above statements are intended to describe the general nature and level of the work being performed by people assigned to this work. This is not an exhaustive list of all duties and responsibilities. Cadence Management reserves the right to amend and change responsibilities to meet business and organizational needs as necessary.

Cadence Bank is an affirmative action/equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, age, status as a protected veteran, among other things, or status as a qualified individual with disability.