Risk and Controls Analyst

Crescent Bank

2024-09-19 17:49:31

Job location: Carrollton, Texas, United States

Job type: Full-time

Job industry: I.T. & Communications

Job description

Crescent Bank is looking for a talented professional to fill an open position as an Enterprise Risk Management (Second Line of Defense) Risk and Controls Analyst. The Risk and Controls Analyst plays a crucial role in safeguarding against cyber threats and ensuring compliance with industry and regulatory standards, and is responsible for developing and executing a program to assess the effectiveness of the Bank's Information Security processes, tools, and controls. This Analyst will also support the development and execution of the Bank's Third-Party Management governance program, in partnership with line-of-business vendor managers, and will support the Bank's Issue and Event Management programs. The Risk and Controls Analyst reports to the Senior Vice President, Enterprise Risk Management.

Company Profile:
Crescent Bank is a privately owned, state chartered, FDIC insured commercial bank. We have been in business for over 25 years and are located in over 20 states. While our primary business is providing auto loans to those who have a hard time securing a loan, we also provide a variety of personal and business banking services throughout Louisiana. We strive for employee advancement and growth. We offer a wide variety of benefits. Unlike your average bankers, we actually have fun.

• Paid Vacation, Personal, Holiday, Bereavement, and Jury Duty
• Medical, Dental, and Vision Insurance
• AD&D and Multiple Life Insurances
• Long and Short Term Disability Insurance
• Flexible Spending Accounts (Medical and Dependent)
• 401(k) with Company Match
• Tuition Reimbursement
• Free No Fee Savings and Checking Accounts

Essential Duties and Responsibilities:
1. Risk Assessment & Testing:
• Design and conduct risk assessments and testing to identify network and system vulnerabilities and potential security gaps.
• Evaluate existing controls and propose enhancements to mitigate risks.
• Prepare reports and workpapers to ensure that adequate documentation exists to support the completed testing and conclusions.
• Follow up on test findings to ensure that management has taken appropriate corrective action.
2. Security Audits:
• Perform regular security audits, including network, application, and physical security assessments.
• Review access controls, authentication mechanisms, and data encryption practices.
3. Compliance Monitoring:
• Monitor compliance with relevant regulations (e.g., GLBA, FFIEC).
• Ensure adherence to internal policies and procedures.
4. Third-Party Management and Governance:
• Own and drive key third-party management activities, in partnership with business vendor managers, including: vendor inventory management, new vendor intake, new vendor risk assessments, and pre-onboarding due diligence.
• Facilitate the ongoing gathering, analysis, and reporting of vendor performance results.
• Coordinate and facilitate ongoing vendor risk assessments and due diligence.
5. Support the Bank's Issue and Event management programs.
6. Other duties as assigned.

Position Requirements:

• Bachelor's Degree, preferably in information systems, computer science or related field or equivalent experience in information systems or IT Audit; at least 2 years of experience as an IT Auditor preferred.
• Familiarity with banking regulations and compliance requirements.
• Familiarity with risk management and testing frameworks.
• Industry certification is preferred, e.g. Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM).
• Understanding of internal control environments within the IT function and general IT controls over financial systems.
• Working knowledge of IT examination standards including those found in FFIEC IT Examination Handbook and FFIEC Cybersecurity Assessment Tool (CAT).
• Working knowledge of cybersecurity frameworks including the National Institute of Standards and Technology Cybersecurity Framework (NIST-CSF) and Center for Internet Security controls (CIS).
• Advanced interpersonal and written communications skills, including the ability to communicate effectively with both technical and non-technical audiences, and senior leaders.
• Experience building and/or supporting third-party management governance programs preferred.
Skills:
• Strong analytical skills and attention to detail.
• Excellent communication and collaboration skills.
• Ability to track medium to long term initiatives to completion.
• Drives positive change and looks for opportunities to improve.
