CIT Group Inc.

  • Senior Analyst, Cyber Security & Information Risk Assessment

    Location US-NJ-Livingston | US-NY-New York
    Job ID
    # Positions
    Job Family Risk Management - IT Risk Information Security
  • Overview


    Founded in 1908, CIT (NYSE: CIT) is a financial holding company with approximately $50 billion in assets as of Dec. 31, 2017. Its principal bank subsidiary, CIT Bank, N.A., (Member FDIC, Equal Housing Lender) has approximately $30 billion of deposits and more than $40 billion of assets. CIT provides financing, leasing, and advisory services principally to middle-market companies and small businesses across a wide variety of industries. It also offers products and services to consumers through its Internet bank franchise and a network of retail branches in Southern California, operating as OneWest Bank, a division of CIT Bank, N.A. For more information, visit


    The Information Risk Assessment Associate/Senior Analyst is responsible for performing information/cyber risk assessments and due diligence as a member of the Information Risk Department.


    The successful candidate will:

    o Demonstrate advanced understanding of information/cyber risk controls and controls testing methodology
    o Identify and evaluate information/cyber risks, controls which mitigate risks, and opportunities for control improvement
    o Understand risk management processes, perform risk assessment and prepare related reporting
    o Continually look for ways to raise the bar and ensure higher levels of standards across the risk and compliance domain
    o Assist with issue management to ensure issues are managed to closure
    o Other duties as required (e.g. regulatory/audit support, metrics/reporting) 



    o Bachelor’s Degree in Information Systems, Cyber Security or other related field; or equivalent work experience
    o Minimum of 2 years of professional experience in Technology Risk, IT Audit, Information Security, and/or Vendor Risk Management
    o Self-motivated individual with excellent written and verbal communications skills
    o Able to objectively assess vendor or internal control environment, and provide recommendations to mitigate risk
    o Experience in control areas such as information security, data privacy, technology platform vulnerability, operations, service delivery, business continuity, etc.
    o Experience with financial industry vendor/third party management regulatory requirements and regulations
    o Experience/knowledge of SSAE 16 SOC reports, ISO certification and other independent attestation reports for service providers
    o Familiar with industry standard risk assessment methodology (e.g. NIST 800-30)
    o Experience with a Governance, Risk and Compliance (GRC) tool is a plus
    o Strong analytical skills with solid working knowledge of MS Excel, PowerPoint, Word and Project


