Summary

Under general supervision, the IT Security Governance Analyst II is a front-line member of the IT Security Program team responsible for the overall management of the IT Security Program. The IT Security Governance Analyst is responsible for supporting internal, external, and client audits, managing security risks within a GRC solution, and assessing security-related risks associated with third parties.

Essential Duties and Responsibilities

• Assist in developing checklists, programs, and/or guidelines to support Security Governance processes.
• Support auditors, including advising on scope, training of staff, interpretation of control requirements, and gathering of artifacts.
• Coordinate Internal/External audit artifact requests and meetings.
• Oversee the gathering and reporting of metrics related to audit support, including remediation of audit findings and potential audit impacts.
• Assist in the creation of security risk and metric reports provided to management.
• Gather client requirements and data which may include site surveys and system evaluations.
• Assist in managing the ongoing due diligence process of third-party oversight.

Qualifications

• Knowledge of IT Audit techniques and industry standards.
• Knowledge of Sarbanes Oxley and SSAE 16 standards and guidelines
• Strong analytical and technical skills.
• Knowledge of information security standards, including CIS Critical controls and the NIST Cybersecurity Framework.
• Ability to systematically assess a problem or situation to identify probable causes and solutions accurately.
• Understanding of a broad range of IT disciplines that would impact overall security posture.
• Proficiency in relating complex technical situations to non-technical customers.
• Ability to prioritize workload and consistently meet deadlines.

Education and Experience

• Bachelor's degree in Computer Science, Information Systems, or Cyber Security preferred; or equivalent experience required
• 3+ years' experience in Information Technology, or Information Security
• Experience with ticketing systems
• Experience with office productivity, reporting, and technical documentation software
• Exposure to systems monitoring tools and logging tools

Stifel is a more than 130 years old and still thinking like a start-up. We are a global wealth management and investment banking firm serious about innovation and fresh ideas. Built on a simple premise of safeguarding our clients’ money as if it were our own, coined by our namesake, Herman Stifel, our success – and 26 years of continual growth – is intimately tied to our commitment to helping families, companies, and municipalities find their own success.

While our headquarters is in St. Louis, we have offices in New York, San Francisco, Baltimore, London, Frankfurt, Toronto, and more than 400 other locations. Stifel is home to approximately 9,000 individuals who are currently building their careers as financial advisors, research analysts, project managers, marketing specialists, developers, bankers, operations associates, among hundreds more. Let’s talk about how you can find your place here at Stifel, where success meets success.