Security Risk and Compliance Associate - Dallas, United States - Triumph Financial Inc.

    Triumph Financial Inc.
    Triumph Financial Inc. Dallas, United States

    3 weeks ago

    Default job background
    Description
    Position SummaryThe Security Risk and Compliance Associate is a highly respected, influential and in-demand role within the business. The position is responsible supporting the security direction of the business and elevating the company's security posture. The associate is expected to support the security strategy of the business within new and existing information system capabilities. Consequently, the position requires both an understanding of legacy systems, as well as new technologies and requirements. The associate is also responsible for the planning and design of policies and maintenance.

    The Security Risk and Compliance Associate position reports to the VP, IT Risk & Compliance and assists in the building, support and maintenance of the GRC program.

    The associate will engage in many facets of the information security and GRC programs while providing guidance and functioning as an experienced resource to control owners and business partners.

    The associate will be given the ability to work with various teams to identify risks, deficiencies, create controls and report progress.

    The associate should be someone who works well with others, leads, motivates others and has a passion for GRC.The ideal candidate is technical and possesses at least one year of experience in security, compliance or risk management.

    The role oversees the business' security requirements and obligations mandated by standards and regulations such as the Federal Financial Institutions Examination Council (FFIEC), Gramm-Leach
    • Bliley Act (GLBA), and Sarbanes-Oxley Act (SOX).
    In tandem with security leadership, the associate consistently assesses and validates the assurance of the security program.

    As a primary point of contact for internal and external auditors, the associate monitors progress and enforces resolution of outstanding issues that may lead to non-compliance or security threats to the business.

    As a key member of the security team, the associate must focus on strong risk management and corporate resiliency, and not be driven solely by compliance.

    Essential Duties & ResponsibilitiesAssists in implementing, supporting and maintaining an effective and mature GRC program at TriumphSafeguards information system assets by identifying and solving potential and actual security and risk concernsProtects systems by defining role and attribute-based access privileges, control structures, and resourcesEngages with business partners and team members on risk and compliance issue identification and remediation processesConducts risk and compliance assessments of IT and Security standardsMaintain strong oversight of third parties, vendors and business partners to safeguard against undue risk presented by external entities.

    Escalate to security management and business unit leads when points of weakness are discoveredExplains security controls with clarity to business and technical usersPerforms Control Self Assessments and communicates deficiencies to control owners and managementAssists in the design, development and remediation of IT general controlsManages exceptions to IT and security policies.

    Prepares GRC metrics and effectively communicates this through Executive level presentation and reporting.

    Coordinates External (SOX, SOC1, SOC2, client and other regulatory) audits and Internal audits Upgrades cyber security program and capabilities by implementing and maintaining security controlsProvides documentation and evidence to respond to auditsContributes to team objectivesExperience & EducationBachelor's degree in Information Security, Information Systems, Computer Science, or equivalent work experienceLess than three years of prior relevant IT risk, IT security and/or IT audit experiencePursuing CISA, CISM, CRISC, or CISSP certificationsCIS 2.0 security and NIST framework controlsFFIEC Cyber Assessment Tool (CAT)Experience and understanding of various regulatory requirements and laws, including but not limited to FFIEC, SOX, and GLBA.

    Additional experience in one or more of the following:
    SOC1, SOC2, ISO 27001/2, CIS or NIST 800-53Skills & Abilities RequiredAbility to function with limited supervisionStrong interpersonal skillsQuality written and oral communication, and presentation skillsCritical thinking and problem-solving skillsAttention to detail, patience and flexibilityCommitment to operational excellence and continuous process improvementStrategic project management and oversight of milestones and deliverablesKnowledge of IT general controlsSOC Reports (SOC1/SOC2) Type I and IIBank Federal and State Compliance regulationsStrong knowledge of Cybersecurity and its relation to IT deployment and implementationsAgile methodologyKnowledge of Risk, Compliance and Cyber Frameworks, such as, NIST 800-53, CIS, COSO, SANS, ISO, COBIT, ITILIT and security policy, standards and procedures creation and maintenanceIdentity Access Management and Privileged Access Management (IAM and PAM)Role and attribute-based access controls (RBAC and ABAC) Willingness to expand and apply security knowledge, skills, and abilities to department initiatives#LI-JH1