FirstBank PR GRC ANALYST- CORP. IT SECURITY - FIRSTBANK PR in San Juan, Puerto Rico

Governance, Risk & Compliance (GRC) Analyst

Our Company

At FirstBank PR, we strive to be a trusted advisor to our clients, and our employees are the ones who ensure we deliver on our promise of excellence in personalized customer service. Our more than 3,100 employees in Puerto Rico, the Virgin Islands and Florida share a passion for excellent customer service. We are proud of our team because they continuously surpass our clients’ expectations.

Do you have a passion for helping customers, building relationships, and delivering extraordinary, personalized customer service? If your answer is yes, FirstBank is the number one place for you.

A Brief Overview

The purpose of the Governance, Risk and Compliance (GRC) Analyst is to assist the Corporate Security Office (CSO) in assessing, prioritizing, reporting, and driving remediation strategies across the Corporation.

The role involves analyzing and implementing multiple frameworks and regulatory standards including, but not limited to, ISO 27001, NIST 800-171, NIST 800-53, NIST CSF, GLBA, and SOX. This individual will liaise with all business groups, including but not limited to Finance, Legal, Audit, HR and other stakeholders globally, to implement new solutions and processes as well as document and remediate outstanding issues.

The Information Security GRC Analyst is responsible for aligning security initiatives with enterprise programs and business objectives and for ensuring that information assets and technologies are adequately protected.

What you’ll do

This position will assist the GRC Manager in maintaining the GRC Program from end-to-end. Core functions include:

· Assists in the development/update of IS policies, procedures, standards, and guidelines related to information security.

· Assists in maintaining the Corporate Information Security strategy and Information Security Program in accordance with internal policies, laws/regulations, and industry best practices.

· Monitors compliance with the Information Security Program and provides support to the Corporate Security Office in preparing reports for GLBA, the Audit Committee and the Board of Directors.

· Supports the CSO with IS monitoring metrics such as KRIs/Scorecards/Dashboards.

· Supports the CSO in preparing and maintaining IS Self-Assessments to identify potential information security risks.

· Participates in all information security related internal/external audit meetings such as: kick-off or entry meetings and closing meetings.

· Follows up on outstanding IT and Business Integration Group (BIG) audit and regulators’ observations and other risks to ensure proper resolution.

· Follows up with applicable Managers on the remediation of all BIG audit findings.

· Recommends corrective actions and obtains commitments to correct deficiencies.

· Participates in special projects and research as it relates to Corporate Security, including assessing current relationships, the need for request for proposals (RFPs), and coordinating upgrades to current, or transition to new vendors.

· Provides support in reviewing IT Security Controls, including follow-ups and an effective monitoring process.

· Provides support during the preparation of the Security awareness training.

· Responsible for the proper documentation of Corporate Security-related vendors following the Vendor Management Policy.

Other Responsibilities

· Performs other tasks as requested by the Corporate IT Security Manager.

· Performs/Supports highly technical tasks such as:

o Systems and procedures review and implementation

o Policies Awareness training

o Special Investigations (Forensic)

o Root Cause Analysis Process

· Performs special tasks in order to assist internal, external auditors and regulators in their procedures.

· Monitors compliance with his/her continued education requirements.

· Safeguards information related to his/her duties.

What You’ll Need to Succeed

A Bachelor’s degree in an Information Systems or Computer Science related field and at least three (3) to six (6) years of experience in a similar job are required, or an equivalent combination of education and experience sufficient to successfully perform the essential functions of the job.

Competencies

· Excellent verbal and written communication skills in English and Spanish

· Proficient in Computer Technology

· Proficient knowledge of Information Security Frameworks such as COBIT 5, ISO 27000, NIST and others is required

· Strong knowledge in IT Controls and how to comply with control objectives

· Strong interpersonal communication, leadership, and team skills

· Able to work in a team-oriented, highly demanding, and fast-paced environment

· Strong analytical skills (analytical thinker) and self-starter

· Proficient in Excel, Word, Outlook, and PowerPoint

First Bank Puerto Rico is proud to be an Equal Employment Opportunity Employer and takes affirmative action to employ Women, Protected Veterans, People with Disabilities and Minorities regardless of gender identity, sexual orientation, and any other legally protected status.
