IT Operational Risk Analyst

The IT Operational Risk Analyst is responsible for the day-to-day activities related to the disaster recovery program, customer information security program, vendor management program and information technology risk assessments including cybersecurity and multifactor authentication and other risk as deemed appropriate. This position is also responsible for coordinating and facilitating certain risk related and reporting activities for the bank. This position supports the Operational Risk Manager and Chief Risk Officer for these programs.

Vendor Management

  • Assist the Operational Risk Manager in maintaining the bank-wide Vendor Management program activities by partnering with the relationship owners and the legal department to ensure the bank’s third-party selection and management process are consistently followed.
  • Complete due diligence for prospective vendors in coordination with the relationship owner and the legal department.
  • Implement risk-based schedules and assessments for on-going vendor reviews in coordination with the relationship owners.
  • Provide analysis and reporting on items including program compliance, vendor/product profiles, high-risk activities, etc.
  • Maintain a master list of vendors.

Disaster Recovery

  • Assist the Operational Risk Manager in maintaining the bank's Business Continuity Program which incorporates planning, testing, and business impact analysis components.
  • Assist in maintaining business continuity programs for all subsidiaries and corporate support functions.
  • Partner with the business units to update and maintain business continuity master documents, plan documents, and templates for departments.
  • Implement risk-based schedule of exercises and assessments with business units to test effectiveness of plans under a variety of business disruption scenarios for testing.
  • Ensure all business continuity-related tests, exercises, assessments, and follow-up items are appropriately documented and tracked.
  • Identify gaps in program and provide appropriate reporting and escalation.
  • Provide analysis and reporting on items including program compliance, high-risk activities, and new/emerging risks, etc.
  • Develop and implement a bank-wide communication plan to ensure employees are familiar with various business continuity plan in a variety of different scenarios.
  • Create and prepare reports and analysis which complements the Risk Management Policy and Program.

IT Risk Assessment

  • Maintain a master list of technologies.
  • Participate in the periodic risk assessments that are cyber security, critical technologies, multifactor, applications and devices that are implemented or revised.
  • Create and prepare reports and analysis which complements the Risk Management Policy and Program.

Customer Information Security

  • Assist in the development of processes and procedures for the customer information security program, including control document reviews, business units assessment, meeting coordination, assessment finding mediation, assisting control owner with remediation plan development, tracking findings through remediation, progress monitoring, reporting, and escalation.
  • Participate in the development maintenance the of a customer information Security program. (a single view of the bank’s risk profiles and tolerance.)
  • Conduct impact analysis to ensure resources are adequately protected with proper security measures.
  • Create, disseminate and update documentation of identified information security risks and controls.
  • Partner with the business units to facilitate information security risk analysis and risk management processes and to identify acceptable levels of residual risk.
  • Assist in the data classification process
  • Follows up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.
  • Ensure all information security-related procedures, assessments, and follow-up items are appropriately documented and tracked.

User Access Management

  • Oversee the review of employee access rights to critical Bank systems and applications to verify alignment with job responsibilities including privileged users.
  • Monitor the configurations of critical Bank systems and applications to ensure they meet the security controls set forth in the User Access policy.
  • Monitor problem reports, such as excessive improper logins, are regularly reviewed and follow up actions are taken when issues are identified.
  • Prepare periodic reporting of activities and assessments to Business units, Senior Management and Board of Directors (as required).
  • Assist in the preparation of reports for the Operational Risk Management Committee and the Risk Committee of the Board on the Disaster Recovery, Customer Information Security and other risk programs in order to meet regulatory requirements and deadlines.
  • Maintain an up to date understanding of industry best practices
  • Perform additional duties as required.                        


  • College education or equivalent work experience.
  • 3-5 years of related risk oversight (risk management, IT audit or Information Security experience).
  • Strong communication and interpersonal skills.
  • Strong project management skills.
  • Strong analytical, organizational, and time management skills.
  • Solid ability to multi-task.
  • Proficient in MS Office applications – Word, Excel, Visio, and PowerPoint.
  • Ability to perform research via internet and other sources – bank regulations, emerging risks, information security best practices.
  • Familiarity with FFIEC and other regulatory bodies’ IT guidance, laws and regulations.
  • Ability to implement goals and objectives.

The above description covers the most significant major responsibilities but does not exclude other occasional responsibilities and accountabilities the inclusion of which would be in conformity with the major purpose of this job.


Harvard Square – Cambridge, Massachusetts 

About Cambridge Savings Bank:

Cambridge Savings Bank is a full-service financial institution with approximately $3.4 billion in assets that is committed to improving the quality of life in the communities it serves. One of the oldest and largest community banks in Massachusetts, Cambridge Savings Bank offers a full line of individual and business banking services and has branches located in Cambridge, Arlington, Bedford, Belmont, Burlington, Concord, Lexington, Newton, and Watertown.

Cambridge Savings Bank is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. We are a VEVRAA Federal Contractor.