First Bank

GRC ANALYST- CORP. IT SECURITY - FIRSTBANK PR

First Bank, PR, United States



Governance, Risk & Compliance (GRC) Analyst

Our Company

At FirstBank PR, we strive to be a trusted advisor to our clients, and our employees are the ones who ensure we deliver on our promise of excellence in personalized customer service. Our more than 3,100 employees in Puerto Rico, the Virgin Islands and Florida share a passion for excellent customer service.

A Brief Overview

The purpose of the Governance, Risk and Compliance (GRC) Analyst is to assist the Corporate Security Office (CSO) in assessing, prioritizing, reporting, and driving remediation strategies across the Corporation. This role involves analyzing and implementing multiple frameworks and regulatory standards including, but not limited to, ISO 27001, NIST 800-171, NIST 800-53, NIST CSF, GLBA, and SOX. This individual will liaise with all business groups including Finance, Legal, Audit, HR, and other stakeholders globally to implement new solutions and processes as well as document and remediate outstanding issues.

What you’ll do

This position will assist the GRC Manager in maintaining the GRC Program from end-to-end. Core functions include:

  1. Assists in the development/update of IS policies, procedures, standards, and guidelines related to information security.
  2. Assists in maintaining the Corporate Information Security strategy and Information Security Program in accordance with internal policies, laws/regulations, and industry best practices.
  3. Monitors compliance with the Information Security Program and provides support to the Corporate Security Office preparing reports for GLBA, Audit Committee, and the Board of Directors.
  4. Supports the CSO with IS monitoring metrics such as KRIs/Scorecards/Dashboards.
  5. Supports the CSO preparing and maintaining IS Self-Assessments to identify potential information security risks.
  6. Participates in all information security related internal/external audit meetings.
  7. Follows up on outstanding IT and Business Integration Group (BIG) audit and regulator observations and other risks to ensure proper resolution.
  8. Recommends corrective actions and obtains commitments to correct deficiencies.
  9. Participates in special projects and research as it relates to Corporate Security.
  10. Provides support reviewing IT Security Controls and effective monitoring processes.
  11. Provides support during the preparation of the Security awareness training.
  12. Responsible for the proper documentation of Corporate Security Related vendors following the Vendor Management Policy.

Other Responsibilities

  1. Performs other tasks as requested by the Corporate IT Security Manager.
  2. Performs/Supports highly technical tasks such as systems and procedures review and implementation, policy awareness training, special investigations (forensic), and the root cause analysis process.
  3. Monitors compliance with continued education requirements.
  4. Safeguards information related to his/her duties.

What You’ll Need to Succeed

A Bachelor’s degree in an Information Systems or Computer Science related field and at least three (3) to six (6) years of experience in a similar job are required, or an equivalent combination of education and experience sufficient to successfully perform the essential functions of the job.

  1. Excellent verbal and written communication skills in English and Spanish.
  2. Proficient in Computer Technology.
  3. Proficient knowledge of Information Security Frameworks such as COBIT 5, ISO 27000, NIST, and others is required.
  4. Strong knowledge in IT Controls and how to comply with control objectives.
  5. Strong interpersonal communication, leadership, and team skills.
  6. Able to work in a team-oriented, highly demanding, and fast-paced environment.
  7. Strong analytical skills (analytical thinker) and self-starter.
  8. Proficient in Excel, Word, Outlook, and PowerPoint.