Information Security Associate

Key Responsibilities:

• Review and update documentation for policies, procedures, standards and guidelines
• Research and evaluate applications and services for use by the institution. Provide a matrix when possible, detailing features within each different application or service.
• Assistance with the deployment and upkeep of the information security department’s website content
• Provide first level compliance monitoring and investigations
• Assist with forensics analysis and fact gathering
• Assist with user access reviews and security audits
• Assist with document and information gathering for audits, risk assessments, and vendor reviews
• Assist with creating and running phishing simulations
• Assist with vulnerability assessments and penetration testing for specific applications, services, networks, and servers as required
• Assist with applications/tools including but not limited to SIEM, IPS, NetFlow, e-mail gateway protection and encryption, endpoint protection, content filtering and DLP tools
• Perform compliance audits against institutionally accepted security controls
• Record and track IT security incidents, including but not limited to compromised accounts, e-mail threats, and abuse reports from various sources
• Help to deliver cybersecurity awareness training
• Serve in weekend InfoSec on-call rotation
• Comply with privacy policies and procedures to maintain customer confidentiality and information protection
• Comply with all federal, state, and local regulatory rules and regulations governing financial institutions, as well as all company policies and procedures
• Complete and pass all required regulatory compliance training as assigned
• Maintain accurate and up-to-date records of security assessments, compliance reports, incident response activities, and security alert responses.
• Perform any additional duties and tasks assigned by management
  
  

Qualifications & Skills:

• 2 years or more of previous information security or cybersecurity experience
• Strong understanding of IT systems, network security, and cybersecurity best practices.
• Knowledge of relevant regulations and standards (e.g., GLBA, GDPR, HIPAA, ISO 27001).
• Ability to identify creative solutions to complex problems in low-resource situations.
• Basic experience in security tools and technologies.
• Familiarity with IT security procedures, risk assessments, and audits.
• Familiarity with security scripting and automation.
• Maintain a deep interest in computing and cybersecurity
• Problem-solving capabilities
• Knowledgeable about computers, including networks, operating systems, applications and web apps
• Ability to work and communicate in a fast-paced dynamic team environment and contribute new ideas and skills to IT tasks and projects
• Excellent interpersonal, verbal, and written communication skills
• Exceptional analytical skills and a desire to delve into complex problems

Education:

• Associate's degree in Information Security, Computer Science, or a related field, or equivalent experience- Required
• Relevant certifications, such as CEH or CompTIA Security+ - Preferred.