Associate, Information Security Risk Assessment 8/26/2016
JOB DESCRIPTION
Overview: About CIT
CIT (NYSE: CIT) was born in 1908 when Henry Ittleson found a new way to make financing available to businesses in St. Louis, Missouri. Soon CIT was forging paths across the country, into Canada and overseas. But time and experience have produced innovations unimagined a century ago. True to its pioneering legacy, CIT remains an agent of opportunity, providing new resources and fresh perspectives to over one million clients across thirty industries around the globe.
CIT is a financial holding company. It provides financing, leasing and advisory services principally to middle market companies across more than 30 industries primarily in North America, and equipment financing and leasing solutions to the transportation sector. It also offers products and services to consumers through its Internet bank franchise and a network of retail branches in Southern California, operating as OneWest Bank, a division of CIT Bank, N.A.
For more than 100 years, CIT has steadily innovated, providing carefully tailored financing solutions to meet the needs of a changing global economy. Along the way, CIT continually redefined what it means to be a financing partner, providing ideas as well as capital to build businesses - and relationships - that have endured for decades.
Responsibilities: The Associate, IT Risk Assessment is responsible for performing information security risk assessments (e.g. vendor/third party, infrastructure) and due diligence as a member of the Information Risk Department. The successful candidate will:
o Demonstrate an advanced understanding of information security controls related to vendor risk management and the related standards
o Perform on-site reviews of selected vendor facilities and data centers; some travel is required
o Identify and evaluate vendor technology risks, the controls that mitigate those risks, and opportunities for control improvement
o Understand the overall vendor risk management process, perform vendor/third party due diligence reviews and prepare the related reporting
o Continually look for ways to raise the bar and ensure higher levels of standards across the risk and compliance domain
o Assist with issue management to ensure issues are managed to closure
o Other duties as required (e.g. infrastructure/application assessments, regulatory/audit support, metrics/reporting)
Qualifications:
o Bachelor's Degree in Information Systems, Computer Science or other related field; or equivalent work experience
o Minimum of 2 years of professional experience in Information Technology Risk, Information Security, IT Audit and/or Vendor Risk Management
o Self-motivated individual with excellent written and verbal communication skills
o Able to objectively assess a vendor's or internal control environment and provide recommendations to mitigate risk
o Experience in control areas such as information security, data privacy, technology platform vulnerability, operations, service delivery, business continuity, etc.
o Experience with regulatory requirements for vendor/third party management in the financial industry
o Experience with/knowledge of SSAE 16 SOC reports, ISO certifications and other independent attestation reports for service providers
o Familiarity with industry-standard risk assessment methodologies (e.g. NIST 800-30) and vendor assessment frameworks
o Experience with Governance, Risk and Compliance (GRC) tools is a plus
o Strong analytical skills with solid working knowledge of MS Excel, PowerPoint, Word and Project
o Willingness to travel