Information Security Analyst

Job Description

Our client is seeking an Information Security Analyst for a direct hire opportunity. The Information Security Analyst is part of the Information Security Team who proactively administer & maintain our cybersecurity risk posture. The incumbent will be experienced in information security and work under minimal supervision from the Information Security Officer. This position will be a liaison and collaborator with business units and work closely with the Information Technology team, various departments, and a variety of vendors that supply the bank’s layered information security architecture. The incumbent is responsible for ongoing and continual administration, monitoring and reporting of information security events and the platforms that generate those events. Platforms include security awareness, breach & attack simulation, identity & access management, secrets management, vulnerability & patch management, end-point protection, and data-protection among others. The incumbent will work closely with a Managed Security Provider as some of the security platforms are outsourced to an MSP. The Information Security Analyst assists the ISO in responding to and mitigating threats across the organization.

The incumbent will work closely with the Information Security Officer in identifying analyzing and responding to emerging threats to the environment adjusting the security configurations accordingly. The Information Security team frequently collaborates across the organization in securely deploying new technologies and processes that support the business while protecting the Bank and its customers. The incumbent may serve as a liaison with the Bank’s Compliance and Audit teams, ensuring close tracking of various audit and exam Where division of duties permit, the incumbent will assist the Information Technology team in various projects and tasks. This position requires that the individual work in office, independently, and with minimal supervision.

Ensures compliance within all Bank policies and procedures, as well as all applicable state and federal banking regulations.

Essential Duties and Responsibilities:

• Configure, manage, monitor and report on multiple cyber security platforms and controls such as enterprise security awareness, breach & attack simulation, asset management, identity & access management, email security, and infrastructure & end-point security.
• Monitor and respond to alerts from various information security platforms
• Assists with implementation of policies or procedures and remediates compliance issues throughout the organization
• Work closely with internal IT, vendors, and third-party MSPs to identify and remediate vulnerabilities, manage risk and optimize security.
• respond to audits and exams and track remediation efforts to conclusion
• Diagnose and research causes of security issues (e.g., misconfigured DNS records, exposed insecure protocols, use of known vulnerable software, weak ciphers)
• Collaborate with IT to ensure secure deployment of new & existing capabilities and product deployments comply with security policies and standards
• Monitor and report on emerging cybersecurity threats and trends and provide recommendations to internal teams on how to mitigate risks.
• Respond to security incidents and/or policy violations
• Track, and report on the security risk register, Key Performance Indicators (KPI)/Key Risk Indicators (KRI) and MSP service tickets to the Information Security Officer and update the department at weekly Team meetings
• Implement proactive preventative measures
• Perform scheduled software/hardware system checks & upgrades (may involve occasional after-hours work)
• Research, install, configure, maintain, and monitor cyber security platforms
• Maintain strong knowledge of the threat landscape and mitigation strategies
• Document internal processes and procedures related to duties and responsibilities
• Minimum of 10 hours CRA volunteer hours per year. Volunteer hours are typically scheduled within business hours. This is compensable time and mileage is reimbursed
• Other duties as assigned

Qualifications:

• A minimum of 4+ years of experience as an Information Security Analyst or similar role.
• A BA/BS degree in Computer Science or related discipline; or an equivalent combination of experience and education.
• Security certification(s) such as security+, CEH or similar is preferred
• Experience in the highly regulated banking industry is preferred.
• Experience in securing Saas environments is preferred.
• Proficient understanding of IT concepts and principles, including strong knowledge of networking, server management, firewall, SD-WAN, and virtualization technologies.
• Familiarity with security frameworks and standards (e.g., NIST Cybersecurity Framework (CSF), NIST 800-53, CIS Security Controls, MITRE ATT&CK)
• Understanding of the following technologies: PC’s, laptops, printers, mobile devices such as Apple iPad, and other peripherals, networking, Active Directory, Exchange, Windows, Microsoft Office, anti-virus / anti-malware software.
• Working knowledge of Windows 10, Server 2016, Server 2019, Office 2019, M365
• Ability to prioritize and manage multiple tasks to meet deadlines
• Ability to interact with a wide range of internal staff members and external professionals, including consultants, vendors, auditors, technical staff, and others
• Intermediate level experience with creating technical documentation.
• Experience of working in a fast-paced, team-oriented environment, with the ability to positively contribute to cross-functional teams
• Intermediate level knowledge of networking/security solutions including firewalls, IPS, SIEM, LAN/WAN, wireless, VPN, VLANs preferred
• The ability to learn quickly and adapt to changing requirements