Founded in 1908, CIT (NYSE: CIT) is a financial holding company with more than $65 billion in assets. Its principal bank subsidiary, CIT Bank, N.A. (Member FDIC, Equal Housing Lender), has more than $30 billion of deposits and more than $40 billion of assets. It provides financing, leasing and advisory services principally to middle market companies across a wide variety of industries primarily in North America, and equipment financing and leasing solutions to the transportation sector. It also offers products and services to consumers through its Internet bank franchise and a network of retail branches in Southern California, operating as OneWest Bank, a division of CIT Bank, N.A.
The Information Risk Assessment Associate/Analyst is responsible for performing information/cyber risk assessments and due diligence as a member of the Information Risk Department.
The successful candidate will:
o Demonstrate advanced understanding of information/cyber risk controls and controls testing methodology
o Identify and evaluate information/cyber risks, controls which mitigate risks, and opportunities for control improvement
o Understand risk management processes, perform risk assessment and prepare related reporting
o Continually look for ways to raise the bar and ensure higher levels of standards across the risk and compliance domain
o Assist with issue management to ensure issues are managed to closure
o Other duties as required (e.g. regulatory/audit support, metrics/reporting)
o Bachelor’s Degree in Information Systems, Cyber Security or other related field; or equivalent work experience
o Minimum of 2 years of professional experience in Technology Risk, IT Audit, Information Security, and/or Vendor Risk Management
o Self-motivated individual with excellent written and verbal communications skills
o Able to objectively assess a vendor or internal control environment, and provide recommendations to mitigate risk
o Experience in control areas such as information security, data privacy, technology platform vulnerability, operations, service delivery, business continuity, etc.
o Experience with financial industry vendor/third party management regulatory requirements and regulations
o Experience/knowledge of SSAE 16 SOC reports, ISO certification and other independent attestation reports for service providers
o Familiar with industry standard risk assessment methodology (e.g. NIST 800-30)
o Experience with a Governance, Risk and Compliance (GRC) tool is a plus
o Strong analytical skills with solid working knowledge of MS Excel, PowerPoint, Word and Project