Sr. Information Security Risk Analyst

As part of UMB's Corporate Information Security and Privacy (CISP) team, the mission is to identify threats, vulnerabilities, and risks and to help protect the people, information, and services within the organization. CISP works closely with all lines of business. This role will work especially close with UMB enterprise technology and information security teams to ensure data protection initiatives are present, usable and, understood within the organization.

As a Sr. Information Security Risk Analyst, you will be responsible for supporting UMB Financial Corporation's Information Security Program to ensure UMB is able to address rapidly changing threats, technologies, and business conditions.  You will support and perform a variety of program initiatives such as risk and controls assessments and governance activities at the direction of the Security Governance Director.  This is a subset of the overall responsibilities which involves other multiple initiatives as assigned by Corporate Risk leadership. 

This role is hybrid (Monday through Thursday on-site; Friday remote) and located in downtown Kansas City, MO.

How you'll spend your time:

• Assist in the documentation and assessment of UMB's IT governance, risk management, and compliance program (IT GRC).
• Manage the currency of UMB's NIST CSF and OCC Cybersecurity Work Program documentation to maintain a current understanding of UMB's information security and technology control posture.
• Lead efforts to coordinate and complete information security assessments, which may include identifying, compiling, and analyzing assessment inputs and the execution and documentation of the risk or controls assessment in accordance with the defined approach.
• Support the continuous maturity and evolution of the Information Security and Privacy Program by challenging current approaches and proactively identifying improvement opportunities to drive assessment, monitoring, and response effectiveness and efficiency. 
• Lead efforts to validate, identify remediation actions, and monitor gaps identified through security risk/controls assessments, as well as external security scorecards (e.g., Security Scorecard, ISS, and/or Risk Recon).
• Provide input and facilitate the annual review of information security policies and procedures.
• Coordinate and respond to internal/external audits, including third-party security assessments as well as third-party client due diligence questions.
• Lead efforts to perform targeted risk and control assessments of new and existing service providers.
• Perform gap analysis against regulatory expectations or industry standards.
• Write, review, and maintain Information Security and Privacy related policies and procedures.
• Maintain a current and working understanding of relevant information security and technology regulations and industry trends, including UMB Information Security Policies and the practical application of the policies.

We're excited to talk with you if:

• You have a Bachelor's Degree in Management Information Systems (MIS), Accounting Information Systems, Computer Science or a related discipline OR equivalent work experience.
• You have at least 5 years of experience in information security, security audit, or information security risk management/compliance.
• You have strong knowledge of risk and controls.
• You have proficiency in identifying and assessing Information Security risk.
• You have working knowledge of standards and frameworks such as NIST CSF, HIPAA, ISO, etc.

Bonus Points If:

• You have industry recognized certification relevant to information security or risk assessment (i.e. CISSP, CISA, CRISC, etc.).
• You have in-depth understanding of and practical experience with information security control frameworks, risk management, and security audits.
• You have strong understanding of information security regulatory requirements and best practices.
• You have knowledge of the financial services industry.
• You are able to evaluate and execute complex data mining and analysis strategies using MS Excel, Power BI, or other analysis software in an efficient manner with a focus on data integrity.
• You have knowledgeable with the Archer GRC platform.

Applicants must have legal authority to work in the United States.  Work Visa sponsorship not available for this position.

Compensation Range:

The posted compensation range on this listing represents UMB's standard for this role, but the actual compensation may vary by geographic location, experience level, and other job-related factors. In addition, this range does not encompass the full earning potential for this role. Please see the description of benefits included with this job posting for additional information

UMB offers competitive and varied benefits to eligible associates, such as Paid Time Off; a 401(k) matching program; annual incentive pay; paid holidays; a comprehensive company sponsored benefit plan including medical, dental, vision, and other insurance coverage; health savings, flexible spending, and dependent care accounts; adoption assistance; an employee assistance program; fitness reimbursement; tuition reimbursement; an associate wellbeing program; an associate emergency fund; and various associate banking benefits. Benefit offerings and eligibility requirements vary.

Are you ready to be part of something more?
You're more than a means to an end—a way to help us meet the bottom line. UMB isn't comprised of workers, but of people who care about their work, one another, and their community. Expect more than the status quo. At UMB, you can expect more heart. You'll be valued for exactly who you are and encouraged to support causes you care about. Expect more trust. We want you to do the right thing, no matter what. And, expect more opportunities. UMBers are known for having multiple careers here and having their voices heard.

UMB and its affiliates are committed to inclusion and diversity and provide employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including gender, pregnancy, sexual orientation, and gender identity), national origin, age, disability, military service, veteran status, genetic information, or any other status protected by applicable federal, state, or local law. If you need accommodation for any part of the employment process because of a disability, please send an e-mail to to let us know the nature of your request.

If you are a California resident, please visit our Privacy Notice for California Job Candidates to understand how we collect and use your personal information when you apply for employment with UMB.