First Citizens Bank
Cyber Risk & Controls Analyst
First Citizens Bank, Raleigh, North Carolina, United States, 27601
Overview
This remote position supports cybersecurity governance by performing risk and control self-assessments (RCSAs), evaluating cybersecurity controls, and supporting key risk management processes. The role helps identify risk and control gaps, assess cyber risks, and recommends improvements to strengthen the organizations cyber posture. The position provides risk analysis, documentation, and control development support across cybersecurity teams, acting as a resource for process owners and contributing to continuous improvement initiatives.
Responsibilities
Perform cybersecurity process level RCSAs in partnership with business function owners and stakeholders
Implement risk and controls assessment results, risk ratings, and supporting evidence in accordance with Enterprise Risk Standards within system of record
Draft, update, and refine control risk and control statements to ensure clarity, effectiveness, and alignment with cybersecurity processes
Review existing risks and controls for design effectiveness, identifying gaps, inconsistencies, or opportunities for improvements
Perform updates within system of record for inherent and residual risk ratings for process level risks
Perform updates within system of record for control effectiveness and control environment ratings on a regular cadence
Support evaluation of cybersecurity risks and controls against Enterprise Policies and Standards, regulatory requirements, and industry standards
Support remediation planning by documenting gaps, improvement recommendations, and target-state control enhancements
Participate in projects, assessments, or escalated tasks requiring risk and control expertise
Qualifications
Bachelors degree and 6 years of experience in cybersecurity, risk management or a related field or High School Diploma or GED and 10 years of experience in cybersecurity, risk management or a related field
Experience performing risk assessments and RCSAs for technology, information security or cybersecurity field
Working knowledge of cybersecurity processes including appropriate risk, controls, and risk taxonomies
Experience with frameworks such as NIST CSF, NIST SP 800-53 and mapping controls to such frameworks
Ability to write clear, actionable risk and control descriptions and assessment findings
Strong analytical, documentation, and communications skills with attention to detail
Ability to work collaboratively with technical and non-technical stakeholders
Preferred
6 years of direct experience in cybersecurity risk or risk and control assessment
Experience supporting cybersecurity programs within a large financial institution or regulated environment
Certifications such as Security+, SSCP, CISA, CISM, CISSP, CRISC
Understanding of threat landscapes, IT processes, and common control frameworks
Experience supporting process improvements, control rationalization, or evidence evaluation
The base pay for this position is generally between $102,000 and $157,000. Actual starting base pay will be determined based on skills, experience, location, and other non-discriminatory factors permitted by law. For some roles, total compensation may also include variable incentives, bonuses, benefits, and/or other awards as outlined in the offer of employment.
This job posting is expected to remain active for 45 days from the initial posting date listed above. If it is necessary to extend this deadline, the posting will remain active as appropriate. Job postings may come down early due to business need or a high volume of applicants
Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. More information can be found at https://jobs.firstcitizens.com/benefits.
#J-18808-Ljbffr
Responsibilities
Perform cybersecurity process level RCSAs in partnership with business function owners and stakeholders
Implement risk and controls assessment results, risk ratings, and supporting evidence in accordance with Enterprise Risk Standards within system of record
Draft, update, and refine control risk and control statements to ensure clarity, effectiveness, and alignment with cybersecurity processes
Review existing risks and controls for design effectiveness, identifying gaps, inconsistencies, or opportunities for improvements
Perform updates within system of record for inherent and residual risk ratings for process level risks
Perform updates within system of record for control effectiveness and control environment ratings on a regular cadence
Support evaluation of cybersecurity risks and controls against Enterprise Policies and Standards, regulatory requirements, and industry standards
Support remediation planning by documenting gaps, improvement recommendations, and target-state control enhancements
Participate in projects, assessments, or escalated tasks requiring risk and control expertise
Qualifications
Bachelors degree and 6 years of experience in cybersecurity, risk management or a related field or High School Diploma or GED and 10 years of experience in cybersecurity, risk management or a related field
Experience performing risk assessments and RCSAs for technology, information security or cybersecurity field
Working knowledge of cybersecurity processes including appropriate risk, controls, and risk taxonomies
Experience with frameworks such as NIST CSF, NIST SP 800-53 and mapping controls to such frameworks
Ability to write clear, actionable risk and control descriptions and assessment findings
Strong analytical, documentation, and communications skills with attention to detail
Ability to work collaboratively with technical and non-technical stakeholders
Preferred
6 years of direct experience in cybersecurity risk or risk and control assessment
Experience supporting cybersecurity programs within a large financial institution or regulated environment
Certifications such as Security+, SSCP, CISA, CISM, CISSP, CRISC
Understanding of threat landscapes, IT processes, and common control frameworks
Experience supporting process improvements, control rationalization, or evidence evaluation
The base pay for this position is generally between $102,000 and $157,000. Actual starting base pay will be determined based on skills, experience, location, and other non-discriminatory factors permitted by law. For some roles, total compensation may also include variable incentives, bonuses, benefits, and/or other awards as outlined in the offer of employment.
This job posting is expected to remain active for 45 days from the initial posting date listed above. If it is necessary to extend this deadline, the posting will remain active as appropriate. Job postings may come down early due to business need or a high volume of applicants
Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. More information can be found at https://jobs.firstcitizens.com/benefits.
#J-18808-Ljbffr