Senior Information Security Analyst

About The Position

Requirements

• Bachelor's degree in Information Security, Cybersecurity, Computer Science, or a related field. Advanced degrees or relevant certifications are advantageous.
• Minimum of five (5) years of experience in information security with a focus on vulnerability management, patch management, email security, DLP, and endpoint security.
• Proven experience with security tools such as vulnerability scanners, SIEM platforms, EDR solutions, and email security systems.
• Employees are expected to represent the Bank in a professional manner to customers and outside contacts.
• Employees must have excellent interpersonal communication skills, consisting of the ability to write and speak effectively to others.
• Employees must be a productive team player, with the ability to learn, apply training and comprehend policies and procedures.
• Employees should also be flexible to changing working situations and able to meet deadlines as they arise.
• Strong understanding of network protocols, operating systems, and database security.
• Familiarity with regulatory compliance requirements (e.g., FFIEC, GLBA, PCI DSS).
• Proficiency in scripting or programming languages for automation purposes.
• Excellent analytical, problem-solving, and organizational skills.
• Exceptional communication skills, both verbal and written.
• Familiar with Cybersecurity related systems
• Professional certifications such as CISSP, SSCP, GIAC, or other related certification(s), or willingness to obtain within one year.

Responsibilities

• Vulnerability Management: Conduct regular vulnerability assessments and penetration testing across systems and networks. Analyze and prioritize vulnerabilities; develop and implement remediation plans. Collaborate with IT and development teams to address security weaknesses. Stay current with emerging vulnerabilities and threat landscapes.
• Patch Management Oversight: Lead and manage the patch management process for software and hardware components. Coordinate with system administrators and vendors to ensure timely application of patches. Develop and enforce patch management policies and procedures. Monitor patch deployment effectiveness and address implementation issues.
• Email Security: Implement and manage email security solutions to protect against phishing, spam, and malware. Monitor email systems for security threats and respond promptly to incidents. Develop policies and train staff on secure email practices.
• Data Loss Prevention (DLP): Deploy and maintain DLP solutions to prevent unauthorized access or disclosure of sensitive data. Define and enforce DLP policies; monitor compliance. Investigate and address DLP alerts and incidents.
• Anti-Virus/Endpoint Detection and Response (EDR): Manage anti-virus and EDR systems across all endpoints to detect and mitigate security threats. Ensure endpoints are protected with up-to-date security software and definitions. Respond to security alerts from anti-virus and EDR systems; coordinate remediation efforts.
• Security Monitoring and Incident Response: Monitor security systems, including SIEM tools and intrusion detection systems. Analyze security logs to identify potential threats and anomalies.
• Perform privilege access management systems, enforcing least privilege principles and monitoring access controls.
• Participate in incident response activities, including investigation, containment, and recovery. Document incidents and implement improvements to prevent recurrence.
• Reporting: Prepare detailed security reports for management and stakeholders. Develop metrics and dashboards to measure the effectiveness of security initiatives. Communicate security issues and recommendations to technical and non-technical audiences.
• Compliance and Policy Enforcement: Ensure adherence to all relevant security policies, standards, and regulatory requirements. Assist in developing, reviewing, and updating information security policies and procedures. Support internal and external audits; address compliance gaps.
• Security Awareness and Training: Contribute to security awareness programs; develop training materials and deliver presentations. Educate employees on best practices and emerging threats.
• Additional Duties: Evaluate and recommend security technologies and solutions. Stay informed about cybersecurity trends and best practices. Mentor junior team members and provide guidance on security matters.
• Other Functions: Complete information security projects and implement new tools. Research new data security trends, keep up-to-date with current events and new threats in data security, and participate in relevant training courses. Make recommendations to the Director of Information Security to improve network and mainframe security.
• Expertise in performing Information Security Analyst(s) or Information Security Operations Manager functions where redundancy is necessary.
• Provide assistance to Internal Audit and regulators with IT-related requests.
• Complete other job-related duties, and/or projects, as assigned.