Information Security & Compliance - Analyst
Credit One Bank, N.A. is a data-driven financial services company based in Las Vegas. Founded in 1984, Credit One Bank offers a spectrum of credit card products for people in all stages of financial life. One of the fastest-growing credit card providers in the United States, Credit One Bank offers credit cards through the Visa®, Mastercard® and American Express® networks. Credit One Bank is the Official Credit Card of NASCAR®, the Las Vegas Raiders, the Vegas Golden Knights, and Best Friends Animal Society, and is a proud partner of WWE and Six Flags®. Learn more at CreditOneBank.com and on social media (@CreditOneBank) on Facebook, Instagram, Twitter, YouTube, and LinkedIn.
We are looking for highly qualified professionals at our state-of-the-art, corporate headquarters in Las Vegas, NV. In addition to providing our card members with superior value and service, we are dedicated to providing engaging and challenging career opportunities for our employees. As a member of the Credit One Bank team, we’ll help you be your best and support you so you can reach your full potential.
The Information Security & Compliance - Analyst is responsible for assessing and documenting the [IT/Dev] department’s governance, compliance and risk posture as they relate to its information assets.
This position provides highly skilled administrative and [technology/development] expertise for the development and implementation of an information [technology/development] risk management and compliance program. Responsibilities require leadership and project management experience, as well as the ability to ensure effective system-wide analysis, standards, and testing; risk assessment; awareness and education; and development of policies, standards and guidelines.
Reporting position: Information Security & Compliance - Analyst reports to the senior [IT/Dev] line manager with a ‘dotted-line’ to the Information Security – GRC Manager.
Duties and Responsibilities
- Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to information security program governance, risk assessments, compliance activities and decisions regarding risk, metrics and program improvements
- Operate with a high degree of independence with regard to project management activities, including development of project plans and budget/resource estimates
- Perform other duties as assigned to ensure the smooth functioning of the department and maintain the reputation of the organization as a viable business partner
- Lead the development and implementation of the [Information Technology/Software Development] risk management function of the technology risk program to ensure information security risks are identified, managed and monitored
- Internally assess, evaluate and make recommendations to management regarding the adequacy of the (administrative and technical) risk controls for the Bank’s information and technology systems
- Contribute to the system-wide information security governance and compliance program, ensuring Information Technology, Development & Information Security activities, processes, and procedures meet defined requirements, policies and regulations
- Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with regulatory expectations and relevant legislation
- Execute a strategy for dealing with the increasing number of audits, compliance checks and external assessment processes for internal/external auditors
- Familiarity with Information Technology, Development, Information Security and Industry compliance frameworks such as FFIEC, PCI DSS, NIST CSF, Center for Internet Security, Agile, etc.
- Communicate with all levels of staff, including Information Technology, Development, and Information Security management and staff, developers and other technical staff, general counsel, auditors, and technology vendors and contractors, in matters related to information security governance, policy, risk, compliance, and security awareness
- Work with Internal Audit, State and Federal regulators as appropriate on required technology & security assessments, audits, and examinations
- Coordinate and track all information technology and information security related audits and examinations including scope of audits, timelines, auditing agencies and outcomes
- Work with auditors and regulators as appropriate to keep audit focus in scope, maintain excellent relationships with audit and regulatory entities and provide a consistent perspective on the bank’s governance, risk, and compliance efforts
- Provide guidance, evaluation and advocacy on audit responses
- Must be able to assess computer hardware, software, and systems for security risks (or violations) and work with Information Technology and Information Security, consultants, and bank vendors to recommend solutions
- Develop strategies to address awareness and training for all stakeholders as well as technical solutions.
- Must be able to assess the status of complex multi-location projects as well as identify and implement appropriate corrective measures to resolve issues as they arise.
- Must have a strong customer service orientation and the ability to project that attitude to customers in remote locations
Contingency planning (BCP, DR)
- Collaborate with bank Business Continuity department on Technology & Information Security business continuity planning, disaster recovery planning, and testing
Knowledge, Skills, and Abilities
- A self-starter, able to work under general supervision. Comfortable working with inter-related infrastructure, software development, and information security risk issues
- One to three years of [information technology/development] experience including information security technology skills and expertise or one to three years of direct information security experience
- Knowledge of information technology and/or software development risk management frameworks and compliance practices
- Knowledge of information technology, software development, and information security controls
- Ability to develop security policies, standards and guidelines based on best practices and industry frameworks
- One to three years participating in information technology, software development, or information security projects
- Excellent interpersonal, communication, and presentation skills, including formal report writing experience
- Understanding of common security standards and regulations relating to a financial services environment, such as FFIEC, PCI DSS, NIST CSF, Center for Internet Security (CIS), MITRE ATT&CK, ISO 27000, Agile, etc.
- One to three years participating in information technology, software development, or information security audits and examinations
- Well versed with financial service industry legal and regulatory requirements
- Bachelor’s degree in computer science, information technology, software development, or another related field.
- Familiarity with security auditing and the financial regulatory examination process (Federal Reserve Bank, Federal Deposit Insurance Corporation, Office of the Comptroller of the Currency, FFIEC, etc.).
- Information security governance, risk, and/or compliance experience in financial services or federal/state/local government including documenting risk and compliance activities.
- Experience participating in information technology, software development, or information security audits and/or risk assessments.
- Experience producing key metrics, information visualization, and reports.
Credit One Bank, N.A. is an equal opportunity at will employer and does not discriminate against any employee or applicant for employment because of age, race, religion, color, disability, sex, sexual orientation or national origin.
Credit One Bank does not accept unsolicited resumes from agencies and is not responsible for related fees.
- Pay Type: Salary
- 6801 S Cimarron Rd, Las Vegas, NV 89113, USA