EDUCATION AND EXPERIENCE

• Bachelor's degree in computer science, MIS, or related field, or equivalent certifications or equivalent work experience.
• 4+ years' experience in IT Audit, preferable.
• 4-5+ years' relevant industry experience in IT or IS risk management, internal controls or regulatory environment.
• Big 4 or CCAR bank experience, preferable.
• Professional certifications -- CRISC, CISSP, preferable.
• Experienced with IT/IS architecture.
• Experience with RSA GRC Archer Platform.

KNOWLEDGE, SKILLS AND ABILITIES

• Strong interpersonal skills / excellent collaboration skills with a wide variety of internal team members.
• Strong analytical, problem-solving and negotiation skills.
• Strong team player.
• Strong oral and written communication skills.
• Strong organizational and prioritizing skills.
• Personal initiative and attention to detail.
• Computer literate with proficiency in word processing, spreadsheet and database applications.
• Ability to influence business partners in addressing control issues and business practices; ability to lead without direct authority.
• Ability to handle a variety of projects simultaneously.
• Ability to handle confidential information in a mature and professional manner.
• Ability to work with concepts and work independently.
• Ability to ask the "right" questions without having extensive knowledge in a particular business area.
• Ability to work in a fast-paced, deadline-oriented, and dynamic environment.

NEW YORK COMMUNITY BANK.
Based in Westbury, NY, New York Community Bank is a New York State-chartered savings bank serving customers throughout Metro New York, New Jersey, Ohio, Arizona and Florida. New York Community Bank serves customers through over 200 branches featuring a divisional structure: Queens County Savings Bank, Roslyn Savings Bank, Richmond County Savings Bank, Roosevelt Savings Bank and Atlantic Bank in New York; Garden State Community Bank in New Jersey; Ohio Savings Bank in Ohio; and AmTrust Bank in Florida and Arizona. With a longstanding reputation of strength, stability and service, NYCB is proud to be committed to the communities it serves.

To learn more about the NYCB Family of Banks visit us at www.MyNYCB.com .

Help recruit top talent for NYCB through the employee referral program. All NYCB employees are encouraged to submit referrals. Locate top talent right in the community where you live, work and play. Amazing individuals are all around be sure to let them know how they can become a part of the NYCB family.

NYCB is an equal opportunity employer that prohibits discrimination on the basis of race, color, age, sex, national origin, ethnicity, religion, marital status, disability, military status, veteran status, domestic violence victim status, gender identity or expression, sexual orientation, genetic information and any other classification protected by applicable federal, state, or local law or ordinance.

This policy against discrimination applies to all terms and conditions of employment including, but not limited to: recruitment and selection, promotion and demotion, transfer, training and development, compensation, benefits, leaves of absence and termination. NYCB will consider reasonable accommodations for employees and applicants with disabilities, as well as accommodations that are necessary for an employee to practice their religious faith. JOB SUMMARY
The ERM IT Risk Analyst, Sr. will assist in the implementation and execution of an effective risk based program meant to identify, measure, assess, report, and monitor risk exposures related to Information Technology ("IT"), Cybersecurity, and Information Security ("IS") through effective review and challenge on all Information Technology framework and deliverables. This role will support the ERM Strategic and Operational Risk Manager as well as interface with the Bank's lines of business ("LOB") and their respective Business Process Owners ("BPOs").

ESSENTIAL FUNCTIONS

• Supports the appropriate design, implementation, and/or execution of the risk management framework, e.g. risk identification, assessment, and effective second line challenge on processes across all aspects of IT and IS.
• Responsible for specifying and sourcing applicable IT and IS operations' data, analyzing the information to identify the principal sources of risk and to provide management reporting to assist management and the Board in making better informed IT/IS operational business decisions with a focus on forward looking metrics.
• Assesses IT and IS business risks and supports the ERM Strategic and Operational Risk Manager to ensure adequate detective and preventative controls are in place to mitigate risk.
• Performs internal controls assessments of existing controls against established standards or emerging technologies to identify inherent risk and evaluate key mitigating controls.
• Engages in root cause analysis and works with the appropriate groups to recommend controls and solutions when researching IT/IS related risk events, operational processes, and new regulatory initiatives.
• Evaluates IT/IS risk assessments to determine design gaps in scope and control coverage.
• Manages IT/IS risk events and risk action items to closure through normal incident management process.
• Works with the LOB to develop relevant and measurable IT/IS key risk indicators (KRIs) and assesses periodically the adequacy/quality of IT/IS related KRIs.
• Assesses the adequacy of related ERM IT and IS Risk & Control Self Assessments, e.g., risks, controls, risk scores, and integrates new or revised controls into existing Risk & Control Self Assessments .
• Assesses sufficiency/completeness of IT/IS governance matters (e.g., policies/procedures) and evaluate any risks observed.
• Weighs business needs against risk concerns and articulate issues and options to management.
• Assists in ensuring accurate data capture of activities and IT and IS risks in support of risk reporting for all levels of management.
• Actively participates in a robust review and challenges the LOB processes relative to their IT/IS Risk & Control Self Assessments and overall performance.
• Provides feedback on IT/IS operational risks associated with the offering of new products and/or services and business initiatives.
• Maintains awareness of, and tracks, IT/IS regulatory environment, industry relevant IT/IS standards, e.g. NIST, GLBA, FFIEC, as well as IT/IS technologies and concepts, on an ongoing basis.
• Works to further develop the awareness and training on IT/IS operational risk across the corporation.
• Measures, monitors and reports on IT/IS operational risk for different functions in the various operations of the Bank by analyzing IT/IS key risk indicators and other metrics.
• Develops and maintains an understanding of the IT/IS portfolio of risks across the front to back office through the life cycle. Provides identification and delivery of risk mitigation solutions to the BPO's and partners with operations' areas.
• Works with the operation lines to promote acceptance of the IT/IS risk framework and further embed a culture of operational risk identification and mitigation.
• Demonstrates a continual improvement to the control environment and instigates behavioral change.
• Produces value added risk identification and reporting which impacts senior management decision making.
• Develops key initiatives related to improving IT/IS controls, implementing new IT/IS regulations, or project management work involving the advancement of the IT and IS risk framework build.
• Participates and facilitates periodic reporting.
• Keeps current on IT/IS technologies and regulatory and industry trends.

• Performs special projects, and additional duties and responsibilities as required.
• Where applicable and when performing the responsibilities of the job, employees are accountable to maintain Sarbanes-Oxley compliance and adhere to internal control policies and procedures.