IT Compliance Analyst – IT Compliance & Regulatory Team

• Provide support in relation to the interpretation and implementation of applicable IT regulations and act as liaison with stakeholders 
• Prepare gap analyses in respect of regulatory requirements related to IT or that require the involvement of the IT Department 
• Coordinate in a timely manner mandatory IT self-evaluations and external IT audits (e.g. but not limited to SWIFT Customer Security Programme, TARGET2 Attestation, and audits required pursuant to PSD2) 
• Act as liaison with the internal or external auditors related to IT
• Monitor / track IT deliverables pertaining to IT regulatory requirements and IT audit remediation plans
• Assist in dealing with IT related queries / questionnaires from audit, counterparties and supervisory authorities in a timely manner 
• When needed assist in Bank-wide projects to ensure that new or existing legal or regulatory requirements involving IT elements and/or IT changes are met 
• Keep abreast of evolving IT regulatory and IT security regulatory issues concerning the IT sphere 
• Prepare and maintain policies, procedures and processes owned by the Bank’s IT Department 
• Preparing outsourcing related documentation related to the procurement of new IT services and/or infrastructure 
• IT third party service provider monitoring (incl. outsourcing)
• Maintaining IT Risk Register, IT Calendar and other departmental document inventories
• Support in the monitoring of the team’s outsourced function which is involved in security operations, including:
  • Support with tickets raised by the security operations function in relation to application and network events and definition related alerts
  • Support in updating documentation and risk assessments related to monitoring of security relevant event logs
  • Record keeping of events, alerts and materialized IT incidents
  • Helping remediate detected vulnerabilities to maintain a high-security standard
  • Support IT Operations in IT incident triaging and response for occurrences which are related to security events
  • Together with the outsourced function monitor the Asset Lifecycle and End-of-Life / End-of-Support Management for the Bank’s various systems and applications by building a database of security sources and subscriptions to receive security vulnerability alerts 
  • Monitoring of  anti-malware  and  vulnerability  scans  aimed  at  continuous  vulnerability assessment and remediation
  • Liaise with the outsourced function in relation to website cloning monitoring activities
• Maintain security baselines and hardening guidelines as well as other Security Operations related documentation 
• Work   within   the   IT Department to perform security hardening or other improvement spot checks of the IT enterprise architecture, throughout the year
• Monitoring of the latest cyber security trends with the aim of maintaining a near-real-time cyber-security picture
• Circulation of identified security trends (monthly newsletters) and IT Departmental news to keep Bank staff informed accordingly 
• Involvement in penetration testing efforts and vulnerability assessments, carried out by an external service provider
• Possibly coordinate with HR and take the lead for Bank staff IT related training requirements (including on cyber security), cyber-security monthly newsletter and staff security skills
• Creation of cyber security scenarios and applicable emergency response plans
• Exert IT Governance oversight on IT Operation tasks including:
  • Call Monitoring Tasks
  • BCM Tests
  • IT Business Impact Analysis Scenarios (in consultation with IT Security Analyst)
  • Incident monitoring / logging
  • Service Desk Request Monitoring for suspicious trends
  • Replication Checks
  • Backup Completeness
  • Coverage Checks for Security Related Software Agents
• Assist in business analysis tasks
  • Business requirement understanding and documentation
  • Software testing
  • UAT planning and coordination
  • Business sign-offs

Qualifications / Skills:

• IT audit experience is considered an asset
• Good English written and oral communication skills
• Strong command of verbal and written English 
• Ability to work under pressure and prioritize
• Ability to work on own initiative, self-starter and self-motivated
• An enthusiastic, reliable team player
• Critical thinking skills, excellent analytical, and reporting capabilities
• Problem-solving skills
• Ability to communicate effectively and clearly, have excellent listening skills  
• Attention to detail and ability to think logically, out-of-the box
• Some project management experience is considered an asset 
• Strong Excel skills are desirable
• Two years working experience in a similar role or equivalent experience and know-how
• Some experience in IT Security or IT Compliance audits is considered an asset
• General understanding of Banking is preferred
• Experience in policy and procedure writing
• Experience coordinating projects involving multiple stakeholders
• Project management certification is considered an asset
• CISO, CISA, CISSP are all deemed valuable when considering applicants