MB Financial Bank IT Risk and Controls Engineer - 6111 N. River Rd in Rosemont, Illinois
SUMMARY
Responsible for driving forward strategic initiatives representing security solution architecture and helping champion solutions with key business and technology stakeholders. This is a highly visible position leveraging significant engineering expertise. Serves as an expert in a specific aspect of information risk management. Undertakes the most complex projects requiring additional specialized technical and/or business knowledge. Makes well-thought-out decisions on the most complex or ambiguous information risk management issues. Provides mitigation solution oversight and direction for enterprise-wide risk technology. Ensures high-level integration of applications and business processes with information risk management policies and strategies.
Identifies, evaluates, conducts, schedules and leads analysis functions to ensure all applicable information risk requirements are met. Provides analysis of requirements necessary to ensure the confidentiality, availability and integrity of information where it is processed, stored, or transmitted by the business and IT systems while balancing performance and cost factors calculated into solutions/recommendations.
ESSENTIAL DUTIES AND RESPONSIBILITIES
These are the most significant job duties performed. The size, scope and complexity of assigned duties and responsibilities are dependent on the level and experience of the incumbent. To perform this job successfully, an individual must be able to perform each assigned essential duty satisfactorily. Other responsibilities or special projects not specifically mentioned may also be assigned.
- Liaise with Audit to identify appropriate remediation solutions and activities, and ensure execution on remediation activities addresses open risk issues.
- Own the security solution engineering activities to remediate identified risk or controls issues, especially for capabilities associated with strategic initiatives.
- Participate in strategic discussions with key business stakeholders and facilitate consensus regarding technical direction when required to move initiatives forward.
- Plan and implement system and / or application security measures to protect computer systems, networks and data; work collaboratively with multidisciplinary teams and business units to investigate, implement, and support existing and future solutions.
- Through careful review of existing technology and information systems, provide guidance and recommendations related to systems and application security architecture and lead proof of concept projects.
- Evaluate security requirements to support business strategies and requirements, research information security standards, conduct system security and vulnerability analyses, and identify integration issues.
- Develop and provide guidance during engineering design activities of new and existing systems and applications; this includes risk and impact assessments and ensuring adherence to documented company standards, policies and regulatory responsibilities.
- Evaluate controls in place for cloud and security technologies, and identify appropriate remediation activities where required:
- Develop requirements for cloud public networks, virtual private networks (VPNs), routers, firewalls, and related security and network devices.
- Familiarity with certification authorities (CAs) and digital signatures as well as hardware and software; adhering to industry standards.
- Act as a subject matter expert on risks of systems and recommend improvements to both software and hardware.
- Assess emerging technologies against security environments to determine where they fill gaps, overlap with existing solutions or extend capabilities.
- Perform research, development, and prototyping activities either directly or in an oversight capacity to manage risk and validate technology options & approach as necessary.
- Work closely with DevOps and Infrastructure teams to define controls for deployment and support for new technology solutions.
- Serve as the subject matter expert on key risk and control issues, and provide consultation to the business units.
- Provide risk and controls reviews and guidance for projects driven by groups outside of Information Security, specifically developing risk & control requirements and developing secure designs.
- Assist in the development of Information Security Strategy and 3-Year Roadmap for all Security Technology domains and provide input on the strategic direction of the IT Security team.
- Leads IT Controls and Risks projects throughout the entire project lifecycle.
- Assists in the authoring of security standards and procedures.
- Understands and complies with all Bank policies and procedures, and federal and state laws and regulations pertinent to this position; stays informed and shares updates on changes with management. Required to successfully complete all required Compliance training.
- Continuously supports the Bank’s Mission Statement and Core Values.
Supervisory Responsibilities
This position has no direct or indirect supervisory responsibilities but may provide guidance to Vendors or Consultants hired for specific tasks.
QUALIFICATIONS
The requirements listed below are representative of the knowledge, skill, and/or ability required to perform this job successfully. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Education and Work Experience
Bachelor's degree in computer science/information technology and 7+ years’ experience in IT Risk and / or Controls with broad experience in the following Security domains: Network Security, System & Data Security, Identity & Access Management and Application Security; or equivalent combination of education and experience.
This position also requires:
- Strong knowledge of TCP/IP and related protocols.
- Hands-on experience in one or more of the following: Web Proxies, Firewalls, Web Application Firewalls, Intrusion Detection, Network Access Control, Anti-Malware, Encryption, Data Loss Prevention, and Static or Dynamic Code Scanning.
- Knowledge of both Windows and Linux Operating Systems.
- Must be willing to be on call 24x7 on a rotating basis.
Certificates and Licenses
CISSP, SANS, ISA or ISC2 Certification required. Additional Security and/or Operational Certifications desired. Advanced Microsoft certifications preferred, such as MCSE. The ideal candidate would hold a Windows Server 2016 or 2012 MCSE / MCSA; if not a 2016 or 2012 MCSE / MCSA, then an MCITP Enterprise Administrator / Server Administrator certification. Applicant should hold a minimum of an MTA / MCTS.
Job-Specific Knowledge
To perform this job successfully, the individual needs to demonstrate knowledge of these areas as they relate to the primary functions of the job.
- Business Analysis – Demonstrated experience with identifying trends and tracking key deliverables and risks such as: costs associated with proposed changes to programs and systems; and effectiveness of programs year-over-year in improving overall performance and achieving desired business results.
- Information Technology – Knowledge of Industry “Best Practices” and laws relating to data privacy and protection. Strong understanding of security threats and the design, processes, and operation of a comprehensive security control environment.
- Project Management – Knowledge of project coordination, identification of business needs, work plan, budget control, time management, resource allocation, team management and status reports. Must demonstrate leadership, logic, and reasoning skills. Identify risks/issues affecting project work progress and recommend solutions. Those in a technology related position must also have strong technical knowledge.
Competencies
To perform the job successfully, an individual should demonstrate the following competencies.
- High level of computer literacy with spreadsheets, word processing and database software and/or business systems (Word, Access, Excel, PowerPoint, MS Project, VISIO, other graphic software). Ability to understand concepts governing relational database structures, and use of reporting/query tools.
- Thorough knowledge of software applications applicable to position/business unit.
- Understands and is familiar with the most widely known and emerging tools and technologies.
- Identifies opportunities to increase accuracy and optimize resources and develops / recommends / implements solutions.
- Performs complex analysis of data, processes, policies, procedures and/or systems.
- Produces unambiguous, comprehensive and accurate interpretations.
- Develops insightful, value-added and actionable analyses with detailed explanations regarding drivers of those results.
- Composes thorough and detailed written documentation, procedures, manuals, etc.
- Develop and report appropriate metrics (key risk and performance indicators) to measure the monitoring program and related process.
- Presents organized and thorough information and data appropriate for intended audience.
- Utilizes variety of interpersonal styles and communication methods to effectively adapt to new work structures, processes, or cultures.
- Demonstrates group presentation skills and excellent negotiation skills to deal effectively with individuals and groups within and outside the organization.
- Experience working with, and presenting to, executive level management.
- Demonstrates follow-up skills.
- Provides timely and professional support to all internal/external customers and vendors.
- Prioritizes regular workload, special tasks and concurrent projects, allocating time and resources to ensure that work is completed accurately and efficiently within established time frame.
- Self-motivated. Team-oriented. Works with minimal supervision.
- Consults with Team members and management as needed to complete assigned responsibilities.
- Establishes and maintains effective, collaborative work relationships both internally and externally.
PHYSICAL DEMANDS & WORK ENVIRONMENT
The physical demands and work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is regularly required to use hands to finger, handle, or feel; and to talk or hear.
The employee is frequently required to sit in an office/cubicle work space with moderate noise level during normal business hours with frequent extended hours, as needed, and may spend a significant amount of time on the phone due to conference call meetings.
- Extended hours include participation in 24x7 rotating on-call schedule.
This job is frequently fast-paced and deadline sensitive. Stress levels are usually high due to job scope & demands.
**MB Financial is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.
As a part of the MB Financial hiring process all applicants will be required to submit to and pass a pre-employment urine drug screening.**