Full-time

Boston

Division: Risk
Department: IT
Reports to: AVP, IT Risk and Controls Manager
Status: Exempt
Grade: 9
Location: Any major Berkshire Bank location
      
     
Purpose/Objective:
The IT Risk and Controls Analyst will work with and support the IT Risk and Controls Manager in the testing and maintenance of the IT internal control framework to effectively identify, measure, mitigate, monitor and report on IT risks.
The candidate must have a strong understanding of IT controls and testing, risk and security fundamentals, and IT processes including, but not limited to, Change Management, Asset Management, Patch Management, Vulnerability Management, Logical Access, Disaster Recovery, and Configuration Management. The IT Risk and Controls Analyst will assist in supporting IT Leadership in defining standards, policies, and controls as well as identifying gaps, tracking known findings and assisting with development and tracking of remediation plans. Strong communication with business units including Enterprise Risk Management (ERM), Governance, Risk and Compliance (GRC), Information Security and Internal Audit, as well as external auditors, is required to build strong collaborative relationships.
The IT Risk and Controls Analyst will be focused on testing the control procedures owned by IT in the GRC tool. The IT Risk and Controls Analyst will report testing results and identified risks to the IT Risk and Controls Manager and will support the IT Risk and Controls Manager in reviewing and improving IT processes as a result. The IT Risk and Controls Analyst will also assist in the maintenance of the IT Risk Register and with metrics and reporting of risks for consumption by senior management and risk committees.
 
Key Accountabilities:
  • Completion of testing of IT control procedures in a timely manner.
  • Assist in the completion of the annual review of IT processes, policies, standards, risks, controls, and control tests to ensure that risks are properly identified, accurately risk-rated and mitigated to an acceptable level as determined by the Enterprise Risk Management Program.
  • Work with control owners throughout IT to identify and prioritize appropriate remediation plans, where needed.
  • Support the IT Risk and Controls Manager and IT Risk Management Officer to collaborate with the ERM team to ensure the Annual Risk Assessment is completed in accordance with the overall ERM Program and all applicable approvals are obtained.
  • Assist in the maintenance of the IT Risk Register to ensure it remains up to date with applicable risks.
  • Support IT Leadership with compliance with banking laws, rules, regulations, and prescribed policies/practices/procedures necessary to reduce risk and uphold ethical standards related to and required by one’s duties.
  • Ensure compliance with all banking laws, rules, regulations and prescribed policies and procedures necessary to reduce risk and uphold ethical standards related to and required by one’s duties.
Education:
  • Bachelor's degree in Computer Science/MIS, or Bachelor's degree in Business with course work in the computer field or equivalent work experience
  • CISSP, CRISC, and/or CISA designation preferred
  • Additional relevant certifications and experience will be considered
Experience:
  • Min. 2+ years IT audit and/or risk, security experience
  • Experience in identification and/or development of IT controls as well as assessment of IT controls
  • Familiarity with NIST, ITIL and other relevant security frameworks
  • Understanding of the Sarbanes-Oxley (SOX) Act and scoping of IT SOX controls
  • General knowledge of current regulatory guidelines (FFIEC)
  • Previous GRC and/or risk management tools experience preferred
Skills & Knowledge:
  • Analytical/problem solving skills
  • Excellent documentation skills
  • Ability to relate business process to technology
  • Ability to communicate technical materials to non-technical audiences
  • Self-starter; able to work independently AND as part of a team
  • Critical thinker with a compliance and risk aware mentality
 
 
 
Berkshire Bank is an Equal Opportunity Employer - all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or national origin.