CIT Group Inc.

Sr. Analyst, Cyber Security Review - Third Party IT Risk

Location US-NJ-Livingston | US-AZ-Phoenix
Job Family: Risk Management - IT Risk Information Security


CIT is a leading national bank focused on empowering businesses and personal savers with the financial agility to navigate their goals. CIT Group Inc. (NYSE: CIT) is a financial holding company with over a century of experience and operates a principal bank subsidiary, CIT Bank, N.A. (Member FDIC, Equal Housing Lender). The company's commercial banking segment includes commercial financing, community association banking, middle market banking, equipment and vendor financing, factoring, railcar financing, treasury and payments services, and capital markets and asset management. CIT's consumer banking segment includes a national direct bank and regional branch network. Discover more at


The Sr. Cyber Review Analyst will be an individual contributor on CIT's Cyber Review team and report to the Director of Cyber Review. The Sr. Analyst will be responsible for facilitating information gathering from Third Parties for due diligence and performing the subsequent reviews of the materials. The ideal candidate will possess strong analytical skills with the ability to think critically and question the information gathered. Strong communication skills, especially in writing, will be needed, as the individual will need to create reports on their findings.


  • Demonstrate advanced understanding of information security controls related to vendor risk management and related standards
  • Identify and evaluate vendor technology risks, controls which mitigate risks, and opportunities for control improvement
  • Understand overall vendor risk management processes, perform vendor/third party due diligence review and prepare related reporting
  • Continually look for ways to raise the bar and ensure higher levels of standards across the risk and compliance domain
  • Assist with issue management to ensure issues are managed to closure
  • Other duties as required (e.g. infrastructure/application assessments, regulatory/audit support, metrics/reporting)


  • Bachelor’s Degree, preferably in Information Systems, Computer Science, or a related field, or a minimum of 2 years equivalent work experience in Technology Risk, Information Security, IT Audit and/or Vendor Management
  • Self-motivated individual with excellent written and verbal communication skills
  • Able to objectively assess vendor or internal control environment, and provide recommendations to mitigate risk
  • Familiar with controls around Information Security, Data Privacy, Operations, Service Delivery, or Business Continuity
  • Strong analytical skills with solid working knowledge of MS Excel, PowerPoint, Word and Project
  • Experience/knowledge of SSAE 16 SOC reports, ISO certification and other independent attestation reports for service providers is preferred
  • Knowledge of industry frameworks such as NIST 800-30, ISO 27002, or FFIEC booklets is a plus

