IT Risk and Compliance Analyst

$80,000 - $100,000/Yr

Washington Federal - Seattle, WA

posted 4 months ago

Full-time - Mid Level
Seattle, WA
Credit Intermediation and Related Activities

About the position

We are seeking an experienced IT Risk and Compliance Analyst to join our team at WaFd Bank. In this role, you will support the organization's IT risk management and compliance programs. This includes identifying, assessing, and mitigating risks to the IT environment and ensuring compliance with relevant regulations, standards, and policies. The role also involves collaborating with various stakeholders to implement and maintain a robust IT governance framework. Along with the key functions listed below, this position will be expected to uphold the value WaFd Bank places on simply being nice when servicing our colleagues and clients.

As an IT Risk and Compliance Analyst, you will develop, support, and maintain an IT risk management framework, including policies, procedures, and control mechanisms, to identify, assess, mitigate, and monitor IT risks across the organization. You will conduct regular risk assessments, gap analyses, and control testing to evaluate the effectiveness of IT controls and identify potential threats to the IT environment and areas for improvement. Collaboration with IT, business units, and other stakeholders will be essential to implement risk mitigation strategies and remediation plans for identified control deficiencies. You will also provide support with third-party risk management activities and administration, including compliance documentation collection, contract reviews, contract negotiation, and technology cost analysis.

In terms of compliance, you will ensure IT processes adhere to and maintain compliance with relevant laws, regulations, and industry standards such as FFIEC, GLBA, SOX, and data privacy regulations like CCPA. Staying current with changes in relevant laws, regulations, and industry best practices will be crucial to ensure the organization remains compliant. You will perform regular compliance reviews and assessments, coordinate with internal and external auditors, and develop and maintain IT compliance documentation, including policies, procedures, and guidelines.

Additionally, you will assist in the development and maintenance of the IT governance framework, monitor adherence to IT governance policies and procedures, and report non-compliance. You will also develop and deliver training programs to educate employees on IT risk management and compliance practices.

In the area of incident management, you will assist in the investigation and review of IT incidents and problems, coordinate with stakeholders to implement corrective actions and preventive measures, and conduct Post Incident Reviews.

Your responsibilities will also include evaluating and enhancing internal controls over IT systems and processes, preparing and presenting risk and compliance reports to senior management, and maintaining detailed records of risk assessments, compliance audits, and incident investigations. This role is critical in ensuring that IT controls are effectively designed and operating as intended, thereby supporting the overall risk management and compliance objectives of WaFd Bank.

Responsibilities

  • Develop, support, and maintain an IT risk management framework, including policies, procedures, and control mechanisms.
  • Conduct regular risk assessments, gap analyses, and control testing to evaluate the effectiveness of IT controls.
  • Collaborate with IT, business units, and other stakeholders to implement risk mitigation strategies and remediation plans.
  • Provide support with third-party risk management activities and administration, including compliance documentation collection and contract reviews.
  • Monitor and report on the effectiveness of risk management activities.
  • Design, build, and maintain key risk and performance indicators to measure the department's effectiveness.
  • Ensure IT processes adhere to and maintain compliance with relevant laws, regulations, and industry standards.
  • Perform regular compliance reviews and assessments.
  • Help coordinate with internal and external auditors, providing necessary documentation.
  • Facilitate the reviews of IT Audit Management Responses with the IT Leadership team.
  • Develop and maintain IT compliance documentation, including policies, procedures, and guidelines.
  • Assist in the development and maintenance of the IT governance framework.
  • Monitor adherence to IT governance policies and procedures and report non-compliance.
  • Develop and deliver training programs to educate employees on IT risk management and compliance practices.
  • Assist in the investigation and review of IT incidents and problems.
  • Coordinate with stakeholders to implement corrective actions and preventive measures.
  • Conduct Post Incident Reviews and follow up on remediation activities and reporting.
  • Evaluate and enhance internal controls over IT systems and processes.
  • Prepare and present risk and compliance reports to senior management and relevant committees.
  • Maintain detailed records of risk assessments, compliance audits, and incident investigations.

Requirements

  • Strong understanding of IT systems, controls, security practices, relevant laws, regulations, and industry standards.
  • Excellent analytical and problem-solving skills, with the ability to identify, assess, and mitigate risks effectively.
  • Strong communication and interpersonal skills, with the ability to collaborate with various stakeholders and present complex information clearly.
  • Proven project management and organizational skills, with the ability to manage multiple priorities and meet deadlines.
  • Proficiency in risk management tools and technologies (e.g., GRC software, data analytics tools).
  • Minimum of 3-5 years of experience in IT risk management, IT compliance, or a related field, preferably in the financial services industry.
  • Strong understanding of IT risk management frameworks.
  • Knowledge of regulatory requirements and industry standards relevant to IT risk and compliance.

Nice-to-haves

  • Relevant professional certifications (e.g., Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP)) are preferred.

Benefits

  • Paid time off for vacation, sick days and holidays
  • Health insurance
  • Stock options
  • Bonus programs
  • Generous 7% 401(k) employer matching
  • Paid Parental Leave
  • Life and AD&D insurance
  • Long-term disability
  • Tuition Reimbursement
  • Employee assistance programs
  • Pre-tax health and dependent-care spending plans