Full Job Description
This position will report to the Information Security Manager. The Information Security department is responsible for identifying and securing the Bank’s information assets and providing customers, employees, and other stakeholders the assurance that their sensitive information and privacy is protected.
This position will help set security strategy, interact with senior management, and work in conjunction with all areas of the business.
MAJOR JOB RESPONSIBILITIES
Oversee system access review process for SOX critical applications
Conduct Information Security risk assessments on products, processes, vendors, and systems and present results to drive escalation, remediation, and risk acceptance decisions
Research emerging security trends and provide recommendations for improvement of security policies, procedures, training, and incident response
Support the execution of critical bank projects by representing the IS department as a project team member and providing direction on security implementation
Responsible for supporting the bank’s information security oversight of policy through monitoring and analyzing security system alerts, incidents, vulnerabilities and coordinating the triage, analysis, and remediation process
Manage internal security projects to implement best practice security practices throughout organization
Collaborate with business lines to ensure security processes and tools are aligned with overall organization risk appetite
Author, test, and evaluate security policy and controls to support the maturation process of the organization’s information security standards
Develop and present Information Security training to organization to improve end user behaviors
Assist the Audit organization in documenting evidence of technology controls and compliance in meeting regulatory and legal requirements
SKILLS AND TRAINING
Thorough knowledge of and security aspects of network systems.
Familiarity with network security concepts including firewalls, IPS and IDS
Knowledge of tools in following category: WebFiltering, EDR, SIEM, AV, IAM and Email Protection Systems
Ability to work under stress of meeting numerous deadlines and requests that sometimes compete in priority.
Ability and willingness to work a flexible schedule including weekends as necessary.
Ability to troubleshoot problems and implement suitable solutions.
Must keep current with technical aspects of position and know and use job-related functions and skills.
Ability to communicate effectively with both technical and non-technical colleagues.
Experience with risk assessment, certification and accreditation and enterprise security planning.
Understanding of best practice security methodologies.
Knowledge of any of: Critical Security Controls, FFIEC Examination Handbooks, NIST Cyber Security framework and Mitre ATT&CK framework.
Ability to train others.
Bachelor’s degree preferred or equivalent work experience.
3+ years in Information Security or Information Technology role
LICENSES AND/OR CERTIFICATES
At least one of: Security+, SSCP, CEH, GIAC, CISSP, CISA, CISM, or comparable certification highly desired
Work is performed in a normal office environment. Noise levels are usually moderate.
The hazards are mainly those present in a normal office setting.
Travel less than 5%
This job description may not be all-inclusive. Employees are expected to perform other duties as assigned and directed by management. Job descriptions and duties may be modified when deemed appropriate by management.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to age 40 and over, color, disability, gender identity, genetic information, military or veteran status, national origin, race, religion, sex, sexual orientation or any other applicable status protected by state or local law.