
IT Risk and Compliance Analyst

Community Bank, N.A.
dental insurance, paid holidays, tuition reimbursement, 401(k)
United States, New York, East Syracuse
5015 Campuswood Drive
May 23, 2025
Overview

At Community Financial System, Inc. (CFSI), we are dedicated to providing our customers with friendly, personalized, high-quality financial services and products. Our retail division, Community Bank, N.A., operates more than 200 customer facilities across Upstate New York, Northeastern Pennsylvania, Vermont and Western Massachusetts. Beyond retail banking, we also offer commercial banking, wealth management, investment management, insurance and risk management, and benefit plan administration.

Just as our employees are committed to helping our customers manage their finances, we're committed to our employees. After all, they make it happen for our customers every day.

To ensure our people can enjoy long and successful careers here at CFSI, we offer competitive compensation, great benefits, and professional development and advancement opportunities. As an equal-opportunity workplace and affirmative-action employer, we celebrate and support a diverse workplace for the benefit of all: our employees, customers and communities.


Responsibilities

Our Information Technology organization is seeking a highly motivated and skilled IT Risk & Compliance Analyst with a strong focus on audit support. This role operates at the intersection of IT, Risk, and Compliance within our financial banking environment, serving as a central information security point of contact for all audit (internal and external/regulatory) and risk engagements.

A successful candidate will ensure compliance with the IT frameworks by helping IT control owners implement and validate controls for the processes of access management, release management, change management, and vendor management.

This position requires a blend of technical understanding, regulatory knowledge, and excellent interpersonal skills to effectively collaborate with various internal teams and external auditors.

Key Responsibilities:

  • Manage annual IT testing for internal and external audits, risk assessments, and regulatory, legal, and policy compliance for both federal (OCC) and applicable state agencies.
  • Serve as the primary Information Security liaison for all external and internal audits, vendor risk management reviews and customer client RFPs.
  • Facilitate audit engagements by coordinating requests, scheduling meetings, and managing communication between auditors and internal stakeholders from IT (including System Administration, Network Security, and Information Security), Risk, and Compliance departments.
  • Work directly with Business Analysts, System Administrators, Network Security engineers, and other Information Security professionals to gather requested documentation, evidence, and explanations of controls and processes.
  • Cooperate with business partners to help IT satisfy new and existing federal (OCC) and applicable state regulatory obligations across all departments and subsidiaries.
  • Manage and track audit-related tasks and assignments, ensuring timely completion and submission of high-quality supporting information.
  • Proactively identify potential control gaps or areas of concern based on audit requirements and collaborate with relevant teams to address them.
  • Assist in the development and implementation of remediation plans resulting from audit findings, tracking progress and providing updates to auditors and internal management.
  • Maintain a strong understanding of the firm's IT infrastructure, security controls, and operational processes to effectively support audit inquiries.
  • Contribute to the continuous improvement of the IT control environment and audit readiness posture.
  • Participate in and document disaster recovery planning and testing for regulatory reporting.
  • Prepare reports and presentations summarizing audit status, findings, and remediation efforts for various audiences, including IT leadership, Risk, and Compliance.
  • Maintain proficient knowledge of, and demonstrate ongoing compliance with, all laws and regulations applicable to this position, ensure ongoing adherence to policies, procedures, and internal controls, and meet all training requirements in a timely manner.

Qualifications

  • Bachelor's degree in Information Technology, Cybersecurity, Risk Management, Business, or a related field.
  • 3+ years of experience in a role within the financial services industry, with exposure to technology, risk, compliance, or audit functions.
  • Demonstrated understanding of industry standards and regulations relevant to financial institutions, including SOC 1, SOC 2, FFIEC, and NIST frameworks.
  • Comprehensive understanding of evaluating third-party (SOC 1, SOC 2) reports and contracts to ensure that third-party vendors and partners have effective internal control programs, and to identify any risks they might present.
  • Experience participating in and supporting external and internal IT audits.
  • Familiarity with IT infrastructure, security concepts, and common controls.
  • Excellent communication, negotiation, and interpersonal skills with the ability to effectively interact with technical and non-technical stakeholders at various levels.
  • Strong organizational skills and the ability to manage multiple tasks and deadlines simultaneously.
  • Analytical and problem-solving skills with a keen attention to detail.

Desired Skills:

  • Relevant certifications such as CISA, CRISC, CISSP, or similar.
  • Experience with GRC (Governance, Risk, and Compliance) tools.
  • Knowledge of other relevant regulations and frameworks (e.g., GLBA, PCI DSS).
  • Experience with developing and implementing IT policies and procedures.

Requirements:

  • All applicants must be 18 years of age or older.

Other Job Information

Compensation: Commensurate with experience plus potential for annual merit increase. In addition to your competitive salary, you will be rewarded with benefits including: 11 paid holidays, paid vacation, Medical, Vision & Dental insurance, 401K with generous match, Pension, Tuition Reimbursement, Banking discounts and the list goes on!

Physical Requirements:

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee may be required to stand, walk or sit; use hands and fingers; handle or feel; reach with hands or arms; and speak and hear. The employee may occasionally be required to lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision and the ability to focus.

The Company is an Affirmative Action, Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, sexual orientation and gender identity), national origin, citizenship status, age, disability, genetic information, veteran status, or any other characteristic protected by applicable federal, state or local law.

The Company will make reasonable accommodations for qualified individuals with a disability. If you have a physical or mental impairment and would like to request an accommodation with respect to the application process, please contact the Human Resources Department.


Minimum: USD $66,000.00/Yr.
Maximum: USD $108,804.00/Yr.