Information Security Analyst- job post

Job Description

3.93.9 out of 5 stars

United States

Full-time

Job details

Job type

• Full-time

Shift and schedule

• Extended hours
• Monday to Friday

Full job description

This position is pivotal in safeguarding the bank’s data, systems, and networks from security threats. It ensures the bank’s information assets remain secure, compliant with regulatory requirements, and resilient against cyberattacks. The role helps oversees the strategic planning, management, and reporting of the bank’s information security program, aligning operations with the institution’s mission and strategic objectives.

Duties and responsibilities

• Responsible for assisting in evaluating and enhancing controls over information security, business continuity, data processing, incident response, and vendor relationships.
• Support the administration and execution of the Bank’s information security program and related activities ensuring duties and responsibilities assigned to various departmental members and vendors are documented and executed.
• Maintains a comprehensive understanding of the evolving IT threat landscape within the financial industry and translating that knowledge into risk assessments and actionable protection plans.
• Monitor networks and systems for security issues, vulnerabilities, and potential threats.
• Work with Risk Management Officer for the creation and maintenance of information security policies, procedures, minimum requirements, security awareness, training campaigns and management reporting.
• Develop and provide day-to-day oversight of the information security program across the Bank which includes IT risk assessments, vendor assessments, business continuity plan, computer security incident response, and coordinating the response to auditors and regulators for all IS related matters.
• Support the management of all activities related to the development, deployment, and maintenance of IS and vendor relationships.
• Monitor for security issues, vulnerabilities, and hacking threats across network and systems.
• Assist in investigation of computer security events lifecycle including identification and response
• Align Bank’s mission and strategic initiatives with departmental objectives.
• Work with the Risk Management Officer, IT Director, and Chief Risk Officer to develop and implement long-term strategic changes.
• Responsible for implementing the information security strategy and objectives, including strategies to monitor and address current and emerging risks.
• Advise and consult with business lines, technology service providers and project teams to understand the risks and ensure effective implementation of controls.
• Evaluate the maturity of the IS program against cybersecurity frameworks.
• Establish and monitor metrics that demonstrate threats in a way the Bank can understand and appropriately take action.
• Assess information security risk through qualitative risk analysis on a regular basis and conduct functional and gap analyses to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements.
• Help assess the cybersecurity risks associated with new technologies, and vendors; ensuring that adequate control exists, or business units understand risks prior to implementation; evaluating and recommending new information security technologies and counter-measures against threats to information or privacy.
• Leverage technology investments and vendors to maximize the effectiveness and efficiency of daily responsibilities.
• Develop a central function to support delivery and sustainability of critical security programs and ensure continuous improvement and efficiencies over time with an emphasis on process improvements and process re-engineering.
• Other duties assigned by management.
• Bachelor’s degree in Information Technology, Computer Science, or a related field, or equivalent work experience.
• One to three years of experience in information security, IT, or a related field preferred.
• Exposure to or basic understanding of information security frameworks and regulatory expectations (FFIEC, NIST, etc.) preferred.
• Relevant certifications such as Security+, CISA, or progress toward CISSP/CISM are a plus.
• Strong analytical, organizational, and problem-solving skills.
• Ability to work independently and manage multiple priorities.
• Strong attention to detail and ability to document findings clearly.
• Effective verbal and written communication skills.
• Demonstrates integrity, professionalism, and a willingness to learn.

Working Conditions

• Office environment.
• Work hours for this position are typically 40 hours per week, Monday through Friday, but there may be occasions when extended hours are necessary based on business needs and specific situations.
• Some travel may be necessary (businesses, and branch locations).
• The employee is frequently required to operate a computer, printer, copy machine, calculator, telephone, and/or other office equipment.
• The employee frequently exchanges information with others and must be able to do so in an effective manner. Must have the ability to communicate clearly and effectively, both verbally and in writing, and across a variety of audiences.

Physical Requirements

• While performing the duties of this job, the employee is regularly required to sit, use hands to handle or feel and talk or hear. The employee is frequently required to reach with hands and arms. The employee is occasionally required to stand, walk and stoop, kneel, crouch or crawl.
• The employee must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception and ability to adjust focus.