8 hours ago

Cyber Risk & Controls Analyst

First Citizens Bank

Hybrid
Full Time
$140,000

Job Overview

Job Title: Cyber Risk & Controls Analyst
Job Type: Full Time
Offered Salary: $140,000
Location: Hybrid

Job Description

Overview of the Cyber Risk & Controls Analyst Role at First Citizens Bank

This remote position supports cybersecurity governance by performing risk assessments, including risk and control self-assessments (RCSAs) and security exceptions risk assessments. The role is critical in evaluating cybersecurity controls and supporting key risk management processes within First Citizens Bank. As a Cyber Risk & Controls Analyst, you will help identify risk and control gaps, assess cyber risks, and recommend improvements to strengthen the organization's cyber posture. This position provides essential risk analysis, documentation, and control development support across cybersecurity teams, acting as a valuable resource for process owners and contributing significantly to continuous improvement initiatives.

Key Responsibilities

  • Perform Cyber Risk Assessments, including information security standard exceptions risk assessments.
  • Support risk aggregation and reporting activities for Information Security Standard Exceptions.
  • Perform cybersecurity process-level RCSAs in partnership with business function owners and stakeholders.
  • Implement risk and controls assessment results, risk ratings, and supporting evidence in accordance with Enterprise Risk Standards within the system of record.
  • Draft, update, and refine control risk and control statements to ensure clarity, effectiveness, and alignment with cybersecurity processes.
  • Review existing risks and controls for design effectiveness, identifying gaps, inconsistencies, or opportunities for improvements.
  • Perform updates within the system of record for inherent and residual risk ratings for process-level risks.
  • Perform updates within the system of record for control effectiveness and control environment ratings on a regular cadence.
  • Support evaluation of cybersecurity risks and controls against Enterprise Policies and Standards, regulatory requirements, and industry standards.
  • Support remediation planning by documenting gaps, improvement recommendations, and target-state control enhancements.
  • Participate in projects, assessments, or escalated tasks requiring risk and control expertise.

Required Qualifications

Candidates should possess a Bachelor's degree and 6 years of experience in cybersecurity, risk management, or a related field. Alternatively, a High School Diploma or GED combined with 10 years of experience in cybersecurity, risk management, or a related field is acceptable. Essential qualifications include:

  • Experience performing risk assessments and RCSAs for technology, information security, or cybersecurity.
  • Working knowledge of cybersecurity processes, including appropriate risk, controls, and risk taxonomies.
  • Experience with frameworks such as NIST CSF, NIST SP 800-53, and mapping controls to such frameworks.
  • Ability to write clear, actionable risk and control descriptions and assessment findings.
  • Strong analytical, documentation, and communication skills with attention to detail.
  • Ability to work collaboratively with technical and non-technical stakeholders.

Preferred Qualifications

  • 6 years of direct experience in cybersecurity risk or risk and control assessment.
  • Experience supporting cybersecurity programs within a large financial institution or regulated environment.
  • Certifications such as Security+, SSCP, CISA, CISM, CISSP, CRISC.
  • Understanding of threat landscapes, IT processes, and common control frameworks.
  • Experience supporting process improvements, control rationalization, or evidence evaluation.

Compensation and Benefits

The base pay for this position generally ranges between $102,000 and $157,000. Actual starting base pay is determined by skills, experience, location, and other non-discriminatory factors. Total compensation may also include variable incentives, bonuses, benefits, and other awards. First Citizens Bank is committed to providing a competitive and quality benefits program; more information is available on their careers site.

Key skills/competency

  • Cybersecurity Risk Management
  • Risk Assessments
  • Control Self-Assessments (RCSA)
  • NIST Frameworks (CSF, SP 800-53)
  • Information Security Controls
  • Regulatory Compliance
  • Threat Landscape Analysis
  • Control Documentation
  • Remediation Planning
  • Financial Services Cyber Security

Tags:

Cyber Risk & Controls Analyst
Risk Assessment
Control Evaluation
Regulatory Compliance
Cyber Governance
Remediation Planning
Information Security
Risk Management
Process Improvement
Risk Reporting
Documentation
NIST CSF
NIST SP 800-53
Security+
CISA
CISM
CISSP
CRISC
GRC Platforms
Enterprise Risk Standards
Financial Regulations

How to Get Hired at First Citizens Bank

  • Research First Citizens Bank's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
  • Tailor your resume for cyber risk: Customize your resume to highlight experience in risk assessments, control frameworks like NIST, and financial institution cybersecurity.
  • Showcase relevant certifications: Emphasize any Security+, CISA, CISM, CISSP, or CRISC certifications to demonstrate expertise.
  • Prepare for behavioral questions: Practice articulating how you handle complex risk scenarios and collaborate with stakeholders effectively.
  • Understand their risk appetite: Familiarize yourself with First Citizens Bank's approach to cybersecurity governance and enterprise risk standards.
