Senior IT GRC Analyst

Senior IT GRC Analyst

Innovation and Technology

Hillsboro, Oregon

Vancouver, Washington

Spokane, Washington

Liberty Lake, Washington

Greenwood Village, Colorado

Description

About Us:

At Umpqua, we create a great place to work by offering a unique brand of relationship banking and fostering a culture where associates thrive. We are dedicated to supporting our customers and communities, and we can only achieve this through the dedication of our employees.

We value Trust, Ownership, Growth, Empathy, Teamwork, Heart, Enjoyment, and Relationships, and we are eager to meet candidates who embody these core values. We are always on the lookout for results-focused individuals who can think independently, work collaboratively, and support our broader purpose.

Think of us as financial partners, because at Umpqua, we believe the best way forward is together. Together for people. Together for business. Together for better.

About the Role:

Responsible for leading Cybersecurity and IT governance, risk, and compliance efforts, including the establishment and maintenance of IT operating model and facilitating the development of technology policies and standards.

• Maintain governance documentation detailing how information should be secured including the maintenance and development of internal process/procedure documentation including but are not limited to technology and cybersecurity policies and standards.
• Perform formal risk analysis and self-assessments for technology processes, leveraging industry standards like CIS, ITIL, and COBIT to build a unique program for Umpqua Bank.
• Analyze internal technology and security controls to ensure compliance with documented and approved standards. Ensure that information systems withinenvironmentcomply with company policies, standards, and procedures.
• Drive and provide advisory and subject-matter expertise to technology teams and business units for cybersecurity compliance readiness.
• Responsible for tracking and monitoring gaps in the cybersecurity program. Maintain cybersecurity gap analysis documents; gather necessary information from technology and lines of business to identify areas to improve banking practices.
• Lead the process to identify new assets, perform the risk evaluation process to determine the risk ranking.
• Facilitate and liaise with technology leaders, key corporate risk groups (including Internal Audit, Corporate Compliance, Enterprise Risk Management, Legal) to ensure TAG is aligned with these groups and meeting obligations.
• Develop and maintain securitymetricsand the communication of those metrics to Management.
• Manage vendor relationships to ensure business partner/customer satisfaction with all information system security services. Build and maintain effective working relationships with business partners.
• Demonstrates compliance with all bank regulations for assigned job function and applies to designated job responsibilities - knowledge may be gained through coursework and on-the-job training. Keeps up to date on regulation changes.
• Follows all Bank policies and procedures, compliance regulations, and completes all required annual or job-specific training.
• Maintain a working knowledge of Bank's written policies and procedures regarding Bank Secrecy Act, Regulation P, Regulation CC, Regulation E, Bank Security and other regulations as applicable to this job description.
• May be asked to coach, mentor, or train others and teach coursework as subject matter expert.
• Actively learns, demonstrates, and fosters the Umpqua corporate culture in all actions and words.
• Takes personal initiative and is a positive example for others to emulate.
• Embraces our vision and strategic direction
• May perform other duties as assigned.

About You:

• Bachelor's Degree in computer scienceor equivalent. Required.
• 7-10 years of experience in or a combination of information security, IT audit, or information technology operations. Required.
• Knowledge of risk management processes including internal audit and information security management. Experience evaluating controls relative to information security frameworks such as ISO 27002, NIST 800 series, or financial services regulatory frameworks such as the FFIEC IT booklets and Cybersecurity Assessment Tool (CAT).
• Knowledge of systems and network conceptsincluding:access, authorization, configuration, and design.
• Demonstrated understanding of information security conceptsincluding:encryption, access controls, network security, security operations, security architect, threat modeling and design.
• Knowledge of applicable regulatory requirements including PCI DSS, GLBA and HIPAA.
• Ability to operate in a cross-functional environment, build, and foster relationships with other departments and stakeholders.
• Abilityto anticipate and respond to changing priorities and operate effectively in a dynamic demand-based environment, requiring extreme flexibility and responsiveness.
• Certifications/Licenses: CISA, CRISC, CISSP, CISM, or SANS GIAC (GSNA, etc.)

Job Location(s): Ability to work fully onsite at posted location(s).

Hillsboro, OR

Vancouver, WA

Spokane, WA

Liberty Lake, WA

Denver, CO

Our Benefits:

We offer a competitive total rewards package including basewagesand comprehensive benefits. Thepayrange for this role is$90,000.00 - $160,000.00,and the pay rate for theselected candidate isdependent upon a variety of non-discriminatory factors including, but not limited to, job-related knowledge, skills, and experience, education, and geographic location. The rolemay beeligible for performance-based incentive compensation and those details will be provided during the recruitment process.

We offer eligible associates comprehensive healthcare coverage (medical, dental, and vision plans), a 401(k)-retirement savings plan with employer match for qualifying associate contributions, an employee assistance program, life insurance, disability insurance, tuition assistance, mental health resources, identity theft protection, legal support, auto and home insurance, pet insurance, access to an online discount marketplace, and paid vacation, sick days, volunteer days, and holidays. Benefit eligibility begins the first day of the month following the date of hire for associates who are regularly scheduled to work at least thirty hours weekly.

Our Commitment to Diversity :

Umpqua Bank isan equal opportunityand affirmative actionemployercommitted to employing, engaging, and developinga diverse workforce.Allqualifiedapplicants will receive considerationfor employmentwithout regard to race, color,national origin,religion, sex, age, sexual orientation, gender identity, gender expression, protected veteran status, disability, or any other applicable protected status or characteristics.If you require an accommodation to complete the application or interview(s),please let us know by email: email protected .

To Staffing and Recruiting Agencies:

Our posted job opportunities are onlyintendedfor individuals seekingemploymentat Umpqua Bank.Umpqua Bank does not accept unsolicited resumes or applications from agencies and Umpqua Bank will not be responsible for any fees related to unsolicited resume submissions.Staffing and recruiting agencies are not authorized to submit profiles, applications,or resumestothis site or toany Umpqua Bank employeeand any such submissionswill be consideredunsolicitedunlessrequesteddirectlyby a member of the Talent Acquisition team.