Corporate Security Control Testing Analyst

CORPORATE SECURITY CONTROL TESTING ANALYST

WHAT IS THE OPPORTUNITY?

Serves as the Corporate Security (i.e. Security Systems and Physical Security) subject matter expert (SME) on control testing, quality assurance validation and administration. The Corporate Security Control Testing Analyst will partner with Corporate Security Management (i.e. business owner, technical owner and stakeholders) to develop and document criteria, standards and desktop procedures for testing and validation. Conducts detail assessments/testing of the Corporate Security team processes and workflows to validate 1LOD team is compliant with regulatory requirements, Bank's policies and Corporate Security policy, standards and procedures. This colleague will be responsible for risk identification, assisting in assessing and mitigating identified risks, and reporting. This colleague will be responsible for coordinating and documenting team's risk working group and committee meetings. The Corporate Security Control Testing Analyst will be responsible for Corporate Security's 1LOD Quarterly Risk Reporting (QRR) and other regulatory and audit responses and documentation.

• Responsible for executing Control Assessments (i.e. Testing) that evaluate the design and operating effectiveness of Corporate Security Key Controls; Frameworks, Policies, Standards and Desktop Procedures
• Partner with Business Owner, Technical Owner, Division Risk Owner and other department stakeholders to develop, review and document criteria for control testing
• Responsible for creating and execution of Corporate Security Quality Control Plan
• Assist in reviewing and updating Corporate Security Policies, Standards and Desktop Procedures
• Organize and maintain regulatory documentation, metrics, and, reports
• Responsible for Corporate Security's 1LOD Quarterly Risk Reporting (QRR) and other regulatory (e.g. GLBA reporting, ITRM Control Assessments, RCSA) and audit responses and documentation
• Responsible for coordinating and documenting (e.g. Meeting Minutes) team's risk working group and committee meetings
• Create testing/validation plans and conduct reviews of various Corporate Security functions to ensure regulatory compliance
• Analyze findings and perform root cause analysis distinguishing between operational risk, compliance risk, safety and security risk
• Document and report on gaps, risk identification and issues. Assist management assess risks, prepare correction action plan to address control issues and mitigate potential risks and reporting
• Evaluate, recommend and implement test tools, strategies and provide recommendations when needed
• Maintain a thorough understanding of CNB's Internal Controls Management Policy and Standards, control testing methodologies, and related regulatory and compliance standards, including but not limited to enterprise risk management, data governance, third party risk management, model risk management, business continuity, fraud risk management, and associated regulations, guidance, and regulatory expectations
• Assist the business owner to establish and update control inventory, control description, workflows/processes to support and drive consistent control testing
• Exhibit high attention to detail and strategic thinking in analyzing, aggregating, and articulating the results/issues of control testing activities and value-add opportunities for improvement of Key Controls to Corporate Security Management and other stakeholders
• Support development, implementation, and continuous improvement of tools, templates, and best practices that support control testing and reporting activities
• Assist with the validation and closure of control issues as identified through testing
• Contribute to ad-hoc assignments and special projects