Information Security Risk Analyst I

This role involves working with teams to manage risk, handle exception requests, and produce reports for risk remediation activities, while ensuring compliance with security and data protection standards. The company values its talent and fosters a culture where individuals can excel and grow in their careers. The ideal candidate for this role is someone who values innovation, growth, teamwork, and has a passion for doing the job right the first time.

TheInformation Security Risk AnalystI works with internal and cross-functional teams to identify, manage, and mitigate areas of risk and is responsible for managing exception requests and producing status reports for risk remediation activities. Facilitates reporting and analysis regarding information security risk, performance and compliance. Utilizes policy and process knowledge, to assess compliance of applications and systems to security standards, procedures, and guidelines and verifies users are in compliance with data protection policies, procedures, and standards.

BOK Financial is a place where your passion for technological innovation is valued and career development is encouraged. The company fosters an environment where unique talents can thrive, achieve high standards, and contribute to prestigious projects. It's an ideal platform to advance your IT career within a vibrant and supportive culture.

• You will conduct third-party risk assessments as per the Vendor Risk Management program guidelines and collaborate with Vendor Risk Consultants to rectify control deficiencies and suggest remediation measures.
• You will create security metrics and compliance reports to validate the efficacy of Information Security and Data Protection controls.
• You will create Information Security KRI scorecards and compile management reports to monitor and control information security risks.
• You will oversee application risk assessments, categorize technology assets based on risk criteria, collaborate with tech owners to assign and annually update risk ratings, and review and update security procedures and questionnaires.

• Advanced knowledge of spreadsheet usage and best practices
• Thorough knowledge and understanding of business unit needs
• Superior planning, technical, organizational, creative and analytical skills
• Excellent ability to foster partnerships
• Demonstrated experience collaborating with external and internal partners; including teamwork with IT and business unit departments
• Useful traits include a responsible attitude, ability to prioritize work, good at planning ahead, remaining calm under pressure, decision-making abilities, IT skills, time management, ability to apply tactful authority, accurate record keeping
• Experience with Information Security and Risk Management control frameworks, FFIEC IT Handbooks, and organizational policies and standards, is recommended.

This level of knowledge is normally acquired through a Bachelor's Degree in Computer Science, Information Assurance, Technology or a related field and 2+ years of experience in Information Security or 3+ years of experience in Information Security or a related technical field, or 5+ years of IT experience. Information Security, Risk Management or Internal Audit certifications are desirable (Security +, CISSP, CISA, CRISC, GIAC)