"Alerted.org

As part of UMB’s **Corporate Information Security and Privacy (CISP) team** , the mission is to identify threats, vulnerabilities, and risks and to help protect the people, information, and services within the organization. CISP works closely with all lines of business. This role will work especially close with UMB enterprise technology and information security teams to ensure data protection initiatives are present, usable and, understood within the organization.

As a **Sr. Information Security Risk Analyst,** you will be responsible for supporting UMB Financial Corporation’s Information Security Program to ensure UMB is able to address rapidly changing threats, technologies, and business conditions. **We currently have 2 openings with one position focusing specifically on Incident Response.** The Incident Response opening includes assisting with the coordination, response, and investigation of Information Security Incidents throughout the lifecycle of a cyber event, including incident response planning, root cause analysis and investigation, remediation actions, post-mortem discussions, and process improvement activities. This is a subset of the overall responsibilities which involves other multiple initiatives as assigned by Corporate Risk leadership.

These roles are hybrid (Tue through Thu on-site) located in downtown Kansas City, MO.

_How you’ll spend your time as a Sr. Information Security Risk Analyst:_

+ Collaborate and drive security initiatives, working with people across multiple teams and diverse functions.

+ Enable the business and other stakeholders to make risk-aware decisions by advising business units and technology leaders of the information security risks and proposing acceptable risk treatment options and alternatives.

+ Support the information security program efforts through the collection of performance indicators, metrics, and other evidence and communicating relevant, succinct, and actionable recommendations to leadership.

+ Support UMB’s PCI-DSS compliance and assessment activities while supporting our internal technology and business teams across the organization.

+ Proactively maintain a current and working understanding of information security best practices, the practical application of security concepts, relevant information security and technology regulations, threats, and industry trends.

+ Assist in responding to internal/external audits, including third-party security assessments, if applicable.

+ Maintain a current and working understanding of relevant information security and technology regulations and industry trends, including UMB Information Security Policies and the practical application of the Policies.

+ Manage multiple simultaneous workstreams supporting disparate stakeholders, providing appropriate and timely communication of issues, concerns, risks, and status.

_How you’ll spend your time as a Sr. Information Security Risk Analyst – Incident Response:_

+ Assist with the on-going maturity of the Information Security Incident Response Program, including investigative and analysis processes, organizational policies and Incident Response Plan maintenance, playbook development and maintenance, facilitate tabletop exercises, and incident root cause analysis.

+ Partner with Legal, Human Resources, Privacy, Information Technology, Corporate Security, Insider Risk, and Fraud teams to align and manage Information Security Incident Response activities including the investigations of cyber incidents, information security forensics, and cyber fraud-related activities.

+ Collaborate and drive security initiatives, working with people across multiple teams and diverse functions.

+ Enable the business and other stakeholders to make risk-aware decisions by advising business units and technology leaders of the information security risks and proposing acceptable risk treatment options and alternatives.

+ Support the information security program efforts through the collection of performance indicators, metrics, and other evidence and communicating relevant, succinct, and actionable recommendations to leadership.

+ Assist in the documentation and assessment of UMB’s governance, risk management, and compliance programs.

+ Validate, identify remediation actions, and monitor gaps identified through security risk and controls assessments.

+ Support the continuous maturity and evolution of UMB’s information security and privacy programs by challenging current approaches and proactively identifying and communicating improvement opportunities.

+ Assist in responding to internal/external audits, findings, risk assessments and gap analysis activities.

+ Perform gaps analysis against regulatory expectations or industry standards, provide workable recommendations for remediation, and when appropriate lead efforts to mitigate.

+ Manage multiple simultaneous workstreams supporting disparate stakeholders, providing appropriate and timely communication of issues, concerns, risks, and status.

_We’re excited to talk with you if:_

+ You have a college degree in Management Information Systems (MIS), Computer Science or a related discipline OR equivalent work experience.

+ You have at least 5 years of experience in information security, security audit, or information security risk management/compliance.

+ You have understanding of Information Security Incident strategies.

+ You have prior experience in investigative services, fraud operations, risk management, legal, internal audit, or other risk related roles.

+ You possess the ability to use critical thinking skills and good judgement in evaluating situations and making decisions.

+ You have demonstrated understanding of security and privacy law or regulation such as PCI-DSS, GLBA, HIPAA, and key phases of Incident Response.

+ You have strong knowledge of risk and controls, including working knowledge of standards and frameworks such as COSO, COBIT, ISO, NIST, and ITIL.

+ You have the ability to thrive in an environment of change and manage multiple tasks and responsibilities simultaneously.

+ You have understanding of and practical experience with information security risk assessments and information security audits.

_Bonus Points If:_

+ You have industry recognized certification relevant to information security or risk assessment (i.e. GIAC Incident Handler, CISSP, CRISC, SEC+, etc.).

+ You have strong understanding of information security regulatory requirements and best practices.

+ You have understanding of cyber incidents and how they can impact security and privacy or an organization and how to respond to them.

+ You have general understanding of banking and financial services processes, and the related risks to securing and managing data.

+ You have general knowledge of cyber incident forensics analysis activities.

+ You have knowledge and experience with project and program management skills and requirements from a risk and security perspective.

Applicants must have legal authority to work in the United States. Work Visa sponsorship not available for this position.

Compensation Range:

$69,230.00 - $149,000.00

_The posted compensation range on this listing represents UMB’s standard for this role, but the actual compensation may vary by geographic location, experience level, and other job-related factors. In addition, this range does not encompass the full earning potential for this role. Please see the description of benefits included with this job posting for additional information_

UMB offers competitive and varied benefits to eligible associates, such as Paid Time Off; a 401(k) matching program; annual incentive pay; paid holidays; a comprehensive company sponsored benefit plan including medical, dental, vision, and other insurance coverage; health savings, flexible spending, and dependent care accounts; adoption assistance; an employee assistance program; fitness reimbursement; tuition reimbursement; an associate wellbeing program; an associate emergency fund; and various associate banking benefits. Benefit offerings and eligibility requirements vary.

Are you ready to be part of something more?

You're more than a means to an end—a way to help us meet the bottom line. UMB isn't comprised of workers, but of people who care about their work, one another, and their community. Expect more than the status quo. At UMB, you can expect more heart. You'll be valued for exactly who you are and encouraged to support causes you care about. Expect more trust. We want you to do the right thing, no matter what. And, expect more opportunities. UMBers are known for having multiple careers here and having their voices heard.

_UMB and its affiliates are committed to inclusion and diversity and provide employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including gender, pregnancy, sexual orientation, and gender identity), national origin, age, disability, military service, veteran status, genetic information, or any other status protected by applicable federal, state, or local law. If you need accommodation for any part of the employment process because of a disability, please send an e-mail to_ [email protected]_ _to let us know the nature of your request._

_If you are a California resident, please visit our_ Privacy Notice for California Job Candidates (https://p1.aprimocdn.net/umb/cdbf5f22-8f7a-43b9-bd03-b09f014a39c3/Privacy\_Notice\_for\_California\_Candidates\_Original\_file.pdf) _to understand how we collect and use your personal information when you apply for employment with UMB._

_Who we are_

We are more than a company. We are advisors, consultants, problem solvers, friends, community members, experts, and we are here to help you make the best of every moment with a financial foundation that can help you succeed.

Learn more about UMB's vision (https://p1.aprimocdn.net/umb/8cf58ce2-e9d6-4621-b60a-b09f01638943/UMB\_Tuce\_Book\_Original\_file.pdf)

Check out the road to a career at UMB