To perform functions related to Information Security and Risk Assessment and Controls Monitoring to ensure compliance with RBS Global Information Security policy and regulatory requirements across all business units within RBS Securities, North America.
"It is the policy of The Royal Bank of Scotland, PLC to provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity or expression, disability, genetic information, pregnancy, veteran or military status, marital or domestic partner status, or any other factor protected by federal, state, and/or local laws."
The primary responsibilities of the Information Security / FFIEC Risk Assessor (SLC) position are:
- Interview, gather, review, analyze and author Data Flow Diagrams and other corresponding Business flow charts to aid in Risk Assessment
- Gather relevant information and documentation, review and determine the scope of applicability for respective Risk Assessments
- Perform Application and Infrastructure security risk assessments for applications, applying the Risk Assessment standards established and generate required documentation according to the process defined.
- Maintain an up-to-date task list in the risk assessment queue and provide regular status reports on progress.
- Interface regularly with staff from various departments (e.g. IT, Operational Risk, Internal Audit, Legal and Compliance) to gather materials and information for the security evaluation process, communicate risks found and assist in remediation plan development.
- Track and report on remediation activity status and/or ensure that risks not remediated are communicated to the ARM team for inclusion in the risk register.
- Assist in the development of additional controls monitoring tools, reports and processes. Perform periodic self-certification testing on the IT/IS environment.
- Perform other duties, as assigned.
- Bachelor’s Degree or equivalent experience in Information Technology
- 5+ years experience in Information Security with minimum 3 years hands-on experience in any of the security roles of Network, Operating System, Application or Database administration combined with Risk Assessment responsibility
- Financial Industry Regulatory requirements and specifically FFIEC security requirements
- Excellent problem solving, analytical, communication, organization, task and time management skills
- Industry certifications a plus (CISSP, CISA, CISM, CEH)
- Previous experience in a Financial Services firm a plus
“Employer immigration sponsorship not available for this role.”