What sets Bank of the West apart from other banks is our team members–they embody the optimistic spirit of the West. There is a spirit here that drives us to do more. Our team of more than 10,000 employees is vital to the success of our Bank. They reflect our modern western values-straightforward, entrepreneurial and optimistic. We seek to create a corporate culture that fosters and rewards excellence, encourages creative thinking and respects diversity – an environment where team members are engaged, supportive of one another and enthusiastic about serving our customers. Bank of the West offers the stability of a company that has a 135 year history and is part of BNP Paribas, a European leader in global banking and financial services and one of the 6 strongest banks in the world. We offer opportunities across our diverse business lines – Retail Banking, Commercial Banking, National Finance, and Wealth Management.

Enterprise Information Security Risk Management Analyst - Senior

Purpose Statement:

Responsible for performing risk management analysis primarily through completion of Enterprise Information Security Vendor assessments by working closely with individual Business Units, the Third Party Program Office, and Contract Administration

Essential Job Functions:

·  Work closely with Third Party Program Office and Contract Administration to provide Enterprise Information Security Risk Assessment support for security vendor assessments

o  Perform security assessments of vendors and third parties according to risk

o  Coordinate with Security Engineering/Architecture to determine mitigating controls or other recommendations on an as-needed basis

o  Identify/track the corrective action through third party and vendor findings as required

o  Lead on-site security assessments at selected third party and vendors

o  Prepare comprehensive reports on results

· Research industry trends and best practices as noted through organizations such as BITS, ISO, and COBIT

· Improve security processes through the identification and assessment of emerging third party management risks, corporate and regulatory standards, and comparison of the Enterprise Information Security’s vendor risk assessment program capabilities to industry standards

Other Job Function:

· Participate in audit response management and provide ongoing guidance to achieve and maintain security compliance

· Provide expertise and coordinate with other subject matter experts to mitigate information security risks and to correct compliance exposures and gaps

· Mentor junior staff on communication, industry trends, and best practices

Education:

Bachelor’s Degree in Business, Computer Science, Management Information Systems or related field.

Experience:

Eight+ years of experience in Risk Management, Information Security, IT Audit, and/or Compliance.

Preferred Qualifications

· Knowledge in various information security areas, such as: Identity and Access Management, Threat and Vulnerability Management, Information Risk and Governance, IT Architecture, Monitoring, Incident Response and Security Strategy

· Familiarity with the following assessment frameworks/standards:

· ISO/27000 Series

· BITS SIG/SAS-70/SSAE-16

· COBIT/SOX IT Control Testing

· NIST

· Knowledge of security controls for the handling of Personally Identifiable Information (PII) data

· Knowledge of regulations and security compliance requirements affecting financial institutions

· Training in Risk Management or IT Audit Methodology strongly desired

· Technology risk or security certification preferred, e.g. CISSP, CISM, CISA, CRISC or equivalent

Skills

· Ability to exercise sound judgment regarding assessment findings and make effective recommendations to management

· Ability to work effectively on multiple projects within a team structure

· Ability to meet time sensitive deadlines

· Ability to work and achieve goals without constant supervision

· Excellent verbal communication skills

· Excellent written communication skills

· Strong interpersonal skills

Contact: Kim Johnson