Senior IT Risk Analyst

Sterling Bank and Trust, FSB
September 20, 2022
Remote Work, MI

About Sterling Bank & Trust, FSB: Sterling Bank & Trust provides a comprehensive choice of banking solutions, innovative loan products, and outstanding personal service to individuals, professionals, businesses, and commercial customers as a trusted neighborhood bank. We're known for highly competitive deposit rates, expertise in mortgage lending, and keeping deposits at work in the local community. Our customers know that they can stop by any branch and be treated like family. Since the Bank was founded in 1984, our customers have trusted us to help them handle their banking and financial needs. With over $2 billion in assets, Sterling Bank & Trust continues to grow to better serve our customers in communities across the U.S.

Position Summary: Under the supervision of the Director of IT Risk Management, the Sr. IT Risk Analyst will collaborate with management and support team members to ensure vendor relationships are assessed and documented appropriately, following corporate guidance, contractual requirements, and applicable regulations. This position is expected to develop a clear understanding of policies and procedures required to perform at a high level, understand how Vendor Risk Management (VRM) requirements help protect the organization, and work directly with management and team members to minimize risks. The Sr. IT Risk Analyst may also support the IT Risk Management function in areas such as Information and Cyber Security, Business Continuity Management, Incident Response, and Vulnerability Management.

Essential Duties and Functions (include but are not limited to):

  • Perform timely vendor due diligence and ongoing monitoring that is aligned with the Bank's Third-Party Risk Management Policy and Third-Party Risk Management Manual.
  • Facilitate data gathering associated with the bank's vendors and contractors.
  • Monitor and respond to vendor monitoring alerts and outreach.
  • Ensure timely completion and updates to third-party related risk information, and track outstanding items for follow-up.
  • Provide guidance to stakeholders and support on key controls, standard processes, and operating procedures, while promoting best practices.
  • Effectively partner with technical and non-technical personnel to ensure that risks and controls are properly evaluated and communicated. Be able to provide credible challenge during discussions of information security risk.
  • Develop and maintain strong relationships based on trust and transparency with primary business stakeholders and third-party contacts.
  • Remain abreast of third party risk/supply chain threats.
  • Provide feedback on enhancements and challenges within the vendor management program.
  • Perform a gap analysis periodically to ensure information assets are accurate and up-to-date.
  • Identify and escalate control weaknesses and maturity opportunities for remediation. Individual will assist and/or lead control design where necessary.
  • Support the IT Risk Management department as required.
  • Completes all required product, service, and compliance training as it relates to the position and employment with Sterling and adheres to Bank Policy and procedures.
  • Have the ability to work independently while meeting all defined deadlines set by Supervisor and/or Chief Information Security Officer.
  • Perform all the above duties consistent with professional ethical standards, including reporting any observed ethical violations to the appropriate management, management and/or Board level committees, and/or the Bank's ethics hotline.

Key Competencies:

  • Delivering Results: Strives to consistently achieve excellence in all tasks and goals. Maintains focus and perseveres in the face of obstacles. Uses time efficiently and responds quickly and constructively when confronted with challenges. Is honest, trustworthy and conveys oneself in a professional manner. Takes ownership and accountability for own performance. Produces high-quality work.
  • Interpersonal Skills: Exhibits acceptable standards of professional conduct. Listens carefully. Develops and maintains positive working relationships with all stakeholders.
  • Collaboration: Actively participates as a member of a team to move the team towards the completion of goals. Maintains strong working relationships with team members, business units, vendors and key stakeholders. Treats others with dignity and respect while maintaining a friendly and professional demeanor. Aligns personal work and performance with the broader team to achieve mutual outcomes.
  • Individual Accountability: Demonstrated by follow through and ownership for own and delegated projects, work, and other duties.
  • Communication: Strong verbal and written communication that is clear, concise, and timely. Ability to effectively present information in one-on-one and small group situations to other employees of the organization.
  • Compassionate: Allows others to learn from mistakes and shows genuine interest in the success of others while promoting their abilities and encouraging new innovative ideas.
  • Ethical: Conducts oneself with integrity, trustworthiness, and honesty. Openly takes responsibility for one's actions, and only makes agreements with actions that align with Sterling ethical behavior and code of conduct.

Technical Competencies:

  • Analytical: Must be able to quickly analyze a large collection of data, create reports, and determine results.
  • Decision making: Ability to quickly analyze data and decide the best course of action.
  • Project management: Work on multiple projects simultaneously; able to organize and manage own time to complete all projects.



Physical Demands

While performing the duties of this job the employee may be required to use hands to finger, handle, or feel; and talk and hear. The employee frequently is required to walk and reach with hands and arms and stand for long periods of time. The employee is required to occasionally sit, stoop, kneel, or crouch. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, and ability to adjust focus.

Work Environment

Generally, works in an office environment, may infrequently be required to perform job duties outside of the typical office setting. The employee will be exposed to moderate stress levels associated with the performance of the job duties described above. There may be extended periods of computer and telephone use while performing job duties. Employee will be intermittently seated, standing and/or walking during the course of a normal business day. While every precaution is taken to avoid exposing employees to dangers in the workplace, working in a financial institution may expose employees to certain hazards in the event of criminal activity including robbery and/or attempted robbery.

***The above statements reflect the general details necessary to describe the principal functions of the position described and shall not be construed as a detailed description of all work requirements that may be inherent in the position. Reasonable accommodations may be made to enable individuals with disabilities.***


  • Bachelor's degree in risk management, information/cybersecurity, or related fields, or equivalent experience.
  • A minimum of 4 years' experience in risk management and/or vendor risk management, and/or Information/Cyber Security.
  • Experience working within regulated industries
  • Experience in financial services preferred
  • Exceptional interpersonal skills
  • Detail-oriented and task-minded
  • Strong analytical and problem-solving abilities
  • Ability to manage competing priorities effectively and efficiently
  • Ability to comfortably interact and communicate with leaders, peers, and team members

Preferred Experience and Education:

  • Professional certifications applicable to Risk Management and/or Information/Cybersecurity (e.g., CISSP, Certified Third-Party Risk Professional, etc.)

