Founded in 1908, CIT (NYSE: CIT) is a financial holding company with approximately $50 billion in assets as of Dec. 31, 2017. Its principal bank subsidiary, CIT Bank, N.A., (Member FDIC, Equal Housing Lender) has approximately $30 billion of deposits and more than $40 billion of assets. CIT provides financing, leasing, and advisory services principally to middle-market companies and small businesses across a wide variety of industries. It also offers products and services to consumers through its Internet bank franchise and a network of retail branches in Southern California, operating as OneWest Bank, a division of CIT Bank, N.A. For more information, visit cit.com.
The Information Risk Assessment Associate/Senior Analyst is responsible for performing information/cyber risk assessments and due diligence as a member of the Information Risk Department.
The successful candidate will:
o Demonstrate advanced understanding of information/cyber risk controls and controls testing methodology
o Identify and evaluate information/cyber risks, controls which mitigate risks, and opportunities for control improvement
o Understand risk management processes, perform risk assessments and prepare related reporting
o Continually look for ways to raise the bar and ensure higher levels of standards across the risk and compliance domain
o Assist with issue management to ensure issues are managed to closure
o Other duties as required (e.g. regulatory/audit support, metrics/reporting)
Qualifications:
o Bachelor’s Degree in Information Systems, Cyber Security or other related field; or equivalent work experience
o Minimum of 2 years of professional experience in Technology Risk, IT Audit, Information Security, and/or Vendor Risk Management
o Self-motivated individual with excellent written and verbal communications skills
o Able to objectively assess vendor or internal control environment, and provide recommendations to mitigate risk
o Experience in control areas such as information security, data privacy, technology platform vulnerability, operations, service delivery, business continuity, etc.
o Experience with financial industry vendor/third party management regulatory requirements and regulations
o Experience with or knowledge of SSAE 16 SOC reports, ISO certification and other independent attestation reports for service providers
o Familiar with industry standard risk assessment methodology (e.g. NIST 800-30)
o Experience with a Governance, Risk and Compliance (GRC) tool is a plus
o Strong analytical skills with solid working knowledge of MS Excel, PowerPoint, Word and Project