Auto req ID 285145BR

HR Job Code 102033 Cyber Security Risk Analyst Sr

Job Profile

• Executes the cyber security program, identifying opportunities for enhancement where applicable. Enables line of business adherence with cyber security programs.
• Participates in the design and development of the cyber risk management program to meet business and regulatory expectations. Leads in the design and development of specific cyber risk management program components.
• Executes the cyber security management programs within or across the lines of business (e.g. - business self-assessment and quality reviews). May lead cross functional teams.
• Provides risk expertise while working with the businesses and other cyber risk partners (e.g., Compliance, Credit, Legal, Audit).
• Leads or influences cyber security initiatives and business as usual activities. Identifies cyber risk, assesses impact and makes recommendations on resolution. Reports and escalates cyber risk and program compliance as appropriate.

Position City PA - Pittsburgh

Position Title Cyber Security Risk Analyst Sr

Line of Business Technology

Building Location PA374 - Two PNC Plaza

Job Type Regular

Total Hours Per Week 40

Travel

Job Status Full Time

Shift Daylight

Scheduled Days/Hours M-F 8am - 5pm

EEO Statement PNC provides equal employment opportunity to qualified persons regardless of race, color, sex, religion, national origin, age, sexual orientation, gender identity, disability, veteran status, or other categories protected by law

Location(s) PA - Pittsburgh

Certifications/Licenses

CISA, CISSP, and CISM preferred.

Required Education and Experience

Roles at this level typically require a university / college degree, with 3+ years of relevant / direct industry experience. Certifications are often desired. In lieu of a degree, a comparable combination of education and experience (including military service) may be considered.

Job Specific Competencies

Data Governance - Extensive Experience

• Knowledge of and the ability to develop and maintain an organization's data in order to meet business requirements.

INFORMATION SECURITY MANAGEMENT - Extensive Experience

• Knowledge of and the ability to manage the processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organizational data.

IT Standards, Procedures & Policies - Extensive Experience

• Knowledge of and the ability to utilize a variety of administrative skill sets and technical knowledge to manage organizational IT policies, standards, and procedures.

IT ENVIRONMENT - Extensive Experience

• Knowledge of an organization's IT purposes, activities and standards; ability to create an effective IT environment for business operations.

Problem Solving - Extensive Experience

• Knowledge of approaches, tools, techniques for recognizing, anticipating, and resolving organizational, operational or process problems; ability to apply this knowledge appropriately to diverse situations.

Effective Communications - Extensive Experience

• Understanding of effective communication concepts, tools and techniques; ability to effectively transmit, receive, and accurately interpret ideas, information, and needs through the application of appropriate communication behaviors.

Analytical Thinking - Extensive Experience

• Knowledge of techniques and tools that promote effective analysis and the ability to determine the root cause of organizational problems and create alternative solutions that resolve the problems in the best interest of the business.

Information Security Technologies - Working Experience

• Knowledge of technologies and technology-based solutions dealing with information security issues.

Information Assurance - Extensive Experience

• Knowledge of and the ability to protect information and information systems while ensuring their confidentiality, integrity and availability.

Information Security Audits - Working Experience

• Knowledge of and the ability to utilize tools and techniques for assessing the effectiveness of information security measures, identifying potential risk exposures, and protecting the availability, confidentiality and audit trails of information from destruction or manipulation.

Core Competencies

Manages Risk - Working Experience

• Assesses and effectively manages all of the risks associated with their business objectives and activities to ensure activities are in alignment with the bank's and unit's risk appetite and risk management framework.

Customer Focus - Extensive Experience

• Knowledge of the values and practices that align customer needs and satisfaction as primary considerations in all business decisions, and ability to leverage that information in creating customized customer solutions.

Position Overview At PNC, our people are our greatest differentiator and competitive advantage in the markets we serve. We are all united in delivering the best experience for our customers. As a Cyber Security Risk Analyst III you are a member of PNC's Cyber Attack Surface Management team, a part of PNC's Cyber Security Organization and will be located in Pittsburgh, PA.

Job Profile :

The Cyber Security Risk Analyst III role is a subject matter expert on the Cyber Attack Surface Management team who is responsible for the governance and growth of PNC's Antivirus/Malware program. Responsibilities within this position will include:

• Working with peer Cyber teams to maintain and improve the enterprise-wide risk-based antivirus/malware strategy focused on endpoint protection.
• Working with peer Cyber teams and Information Technology platform owners to implement and maintain antivirus/malware solutions, as well as assist in the identification and risk assessment of gaps, documenting any required exceptions, and development of any required remediation plans.
• The development of a policy management process over the AV/Malware tools used at PNC. Maintain adequate controls according to FFIEC CAT guidelines.
• Perform centralized AV tool administration as required. The successful incumbent in this position will have extensive knowledge and experience in maintaining and configuring SEP Manager (SEPM) software and managing the remote groups.
• As an integral part of this dynamic and progressive team, you will assist in the enforcement of corporate-wide information security policies, guidelines and best practices. You will also provide technical advice to support internal Cyber Security teams on a wide variety of information security issues, concerns, and problems.

Preferred Qualifications:

• 3+ years of experience managing Symantec Endpoint Protection or other enterprise level endpoint solution
• SEP certification or other enterprise level endpoint solution certification a plus
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Server Platform Certifications (Microsoft, Linux)