Requisition Number: 10 2020 07 PRG397
Job Title: Sr. Information Security Risk Analyst
City: Columbia
State: SC

Description/Job Summary

AgFirst Farm Credit Bank provides financing, as well as a range of technology and other services, to a network of agricultural lenders in the United States and Puerto Rico. Located on Main Street in Columbia, S.C., AgFirst is committed to providing a comfortable, inclusive work environment. We believe in investing in our employees so they can help lead our $35 billion company into the future. If you are looking to fuel your professional development and gain exposure in the field of Information Security, apply today!

AgFirst is seeking a Senior Information Security Risk Analyst to identify, investigate, analyze, and recommend information security guidance to ensure bank assets and processes maintain confidentiality, integrity and availability, while assessing against all applicable regulations, industry standards, and bank policies, directives, and standards. The Senior Information Security Risk Analyst will perform comprehensive information security risk assessments that evaluate inherent risk, plan controls and safeguards, and ensure alignment of residual risk and risk appetite. The Analyst will evaluate technology and business projects, business requirements, and recommend security controls to ensure effective information security and compliance with enterprise standards. The Analyst communicates information security risk issues and control gaps through security governance processes.

Duties and Responsibilities:

  • Foster a culture of collaboration and responsible risk management through the definition and adherence to appropriate risk appetites, control frameworks, policies and directives

  • Serve as Information Security subject matter expert for business line projects and participate in the development, implementation, and maintenance of information security for the bank

  • Assist with enterprise information security risk deliverables and collaborate with risk partners on information security priorities

  • Perform Information Security Risk Assessments; decompose complex risk issues and gain business line consensus on risk level and risk response to include acceptance and mitigation of risks, and establish and communicate residual levels

  • Identify and evaluate complex technology risks, internal controls which mitigate risks, and related opportunities for internal control improvement

  • Perform pre- and post-contract risk assessments, as well as ongoing service and compliance monitoring to ensure the continued adherence to applicable industry regulations and standards, and AgFirst Policies and Directives

  • Maintain information security by monitoring and ensuring compliance to policies, directives, and standards; contribute to developing and conducting training

  • Risk Metrics: (Understanding the difference between KPIs and KRIs) Analyze data to produce specific, measurable, actionable, relevant, time-bound metrics for Senior and Executive Management

  • Monitor information security trends internal and external to the bank and keep business lines informed about information security related issues


    • The desired Senior Information Security Risk Analyst will possess a degree in Information Assurance, Information Systems, Risk Management, Auditing, Computer Science or a related field, or the equivalent in education and work experience

    • Minimum of 8 years of experience in the Information Security field, with at least 3 years of information security risk management and/or operational risk, developing and executing information security risk assessments using industry standard approaches, methodologies, and frameworks (e.g. NIST, Financial Services Regulations)

    • CISSP, CISM, CISA, CRISC, or equivalent industry recognized certification preferred

    • Possess a strong application development and/or application security background, with solid knowledge of the SDLC from design, testing, and deployment to post-production, and of the different risk elements associated with each step

    • Expert knowledge of, and demonstrable experience in, application security, vulnerability testing, and development of risk appetite, as well as significant experience evaluating cyber security controls

    • Strong awareness and experience with industry risk analysis approaches (ISO, COBIT, COSO) as well as all industry regulations and standards (SOX, GLBA, FFIEC, OCC, HIPAA, PCI DSS, NIST, OWASP)

    • Have the ability to interact with business stakeholders and technical personnel at all levels; experience organizing, participating and executing critical time sensitive projects; experience interacting with project managers, vendors, architects, technical experts and management

    • Ability to work effectively with limited supervision with business and technical personnel at all levels of the organization

    • Effective at managing personal time and effort across multiple concurrent project assignments

    • Contribute knowledge and recommendations for risk based assessments on emerging technologies, vulnerabilities, threats, and associated risks

    • Obtain experience knowledge related to the various aspects of the company's lines of business to enhance impact understanding of potential technology risks


    EOE, including veterans and individuals with disabilities.