Natixis Corporate & Investment Banking

Information Technology Security Risk Control Management Analyst

United States · Full-time · Mid-Senior

The Information Technology Security Risk Control Management Analyst is a senior-level position focused on identifying, assessing, and mitigating information security risks within the organization. This role encompasses conducting risk control self-assessments (RCSAs), managing risk mitigation strategies, ensuring compliance with relevant regulations, and generating detailed risk reports. The Analyst will collaborate with multiple departments, including IT, Technology Risk Management (TRM), Regulatory Affairs, Legal, and Compliance, to promote cohesive risk management practices throughout the organization. Additionally, the development of metrics and management reports will be a key focus, as this role is vital for safeguarding the organization’s information assets and maintaining data integrity and confidentiality while continuously enhancing risk management and compliance practices.


Key Responsibilities:

  • Lead and coordinate the RCSA process to evaluate the effectiveness of current controls, identify gaps, develop new controls, and recommend enhancements.
  • Conduct regular risk assessments to identify potential threats and vulnerabilities impacting the organization’s information systems and data.
  • Analyze risk data to evaluate the potential impact and likelihood of identified risks.
  • Develop and implement strategies and controls to manage and mitigate identified risks, including recommending improvements to security policies and procedures.
  • Utilize Governance, Risk, and Compliance (GRC) tools to streamline risk management processes, track compliance, and ensure effective governance across the organization.
  • Ensure compliance with relevant regulations, standards, and best practices in information security.
  • Assist in responding to security incidents and breaches, including conducting investigations and recommending corrective actions.
  • Support the risk decision-making process by applying a risk-based approach.
  • Participate in the development and execution of risk treatment plans.
  • Prepare comprehensive risk assessment, RCSA, and GRC reports for senior management, highlighting key risk areas and suggesting actionable improvements.
  • Collaborate with various departments to ensure cohesive and effective risk management practices.
  • Develop and deliver risk control training and awareness programs for staff on information security practices and risk management.


Requirements:

  • Bachelor’s degree in Information Technology, Cybersecurity, Risk Management, or a related field.
  • Strong understanding of information security principles and frameworks.
  • Proven experience with risk assessment tools and methodologies.
  • Proficiency in leading and facilitating RCSA processes.
  • Knowledge of relevant regulations and standards (e.g., NIST, FFIEC, ISO/IEC 27001).
  • Expertise in using GRC tools and platforms (e.g., RSA Archer, ServiceNow GRC).
  • Effective analytical and problem-solving skills.
  • Strong communication and presentation abilities, with the capacity to convey complex concepts to diverse audiences.
  • Relevant certifications such as CRISC, CISM, or CISSP are highly preferred.



Natixis is an equal opportunity employer, committed to a workplace free of discrimination. Natixis will not tolerate any form of discrimination based on age, color, mental or physical handicap or disability, pregnancy, marital status, sexual orientation, national origin, alienage, ancestry or citizenship status, race, religion, sex (including sex stereotyping, gender identity, gender expression or transgender status), veteran status, creed, genetic information or carrier status, or any other protected characteristic as established by law.


Respect for all means that we deal with each person as an individual and not as a member of any group. All qualified applicants will receive consideration for employment. Management is expected to provide leadership in supporting the firm's EEO program by taking steps to promote EEO in all facets of employment, including recruitment, hiring, retention, promotion, performance assessment, and career-development opportunities.


The salary range for the VP position will be between $125,000 and $170,000. Natixis is required by law to include a reasonable estimate of the compensation range for this role. Actual base salary will vary and will be based on several factors including, but not limited to, relevant experience, education, skill set, applicable licensure and certifications, and other business and organizational needs. Base salary is only one component of our total rewards package. Natixis also offers a generous benefits package, and you may be eligible for a discretionary incentive award depending on company and individual performance.

Key Skills

security practices cybersecurity cissp cism nist

Posted: Feb 14, 2025
Type: Full-time
Level: Mid-Senior
Location: New York

Industries

Financial Services, Banking, Investment Banking

Categories

Information Technology, Other
