Information Security Analyst

FUNCTION: Responsible for the daily supervision, execution, and effectiveness of the Bank’s Information Security Program the InfoSec team is responsible for a variety of functions in support of Risk Management’s mission to protect the confidentiality, integrity and availability of Bank assets and information. This is accomplished by identifying the assets and their associated threats, and by minimizing risks through the application of preventive, detective, and corrective controls.

Accountabilities

• Monitors Bank security systems for alerts and conducts appropriate investigations to their conclusion.
• Monitors Bank systems (Operations, IT, etc) for anomalies and conducts appropriate investigations to their conclusion.
• Develops standards, procedures, and documentation for information security policies, systems, and practices.
• Assists in overseeing the Bank’s Vulnerability Management Program
• Assists in overseeing the Bank’s Data Loss Prevention Program
• Assists in overseeing the Bank’s Phishing Prevention Program
• Assists in the facilitation of system risk assessments.
• Provides guidance to Bank departments on maintaining compliance with information security policies.
• Identifies direct non-compliance or general weaknesses the Bank’s information security posture and provides recommendations on improvements.
• Participates in the Bank’s Incident Response and Forensics Program.
• Stays current on Cyber and Information security trends and news.
• Makes an effort to continue their education in the Cyber and Information security field.
• Intentionally socializes with Bank personnel to ensure the Information Security department is a welcoming presence within the Bank.

General

• Interacts harmoniously and effectively with others, focusing upon the attainment of bank goals and objectives through a commitment to teamwork.
• Assists in ensuring that the Bank is in compliance with local, state and federal regulations.
• Conforms to acceptable punctuality/attendance standards as expressed in the Employee Handbook
• Must be able to work in a fast-paced environment with demonstrated ability to juggle multiple competing tasks and demands.

Skills/Knowledge

• College Degree or equivalent in education and work experience required.
• InfoSec, I.T, and/or Risk Management experience, preferably in the Banking industry.
• Strong analytical skills and ability to handle complex problems required.
• Strong written and verbal communication skills required.
• Knowledge in GLBA, PCI, FACTA regulations preferred.
• Strong understanding of security tools (DLP, Stateful Firewalls, IDS/IPS, EDR) required.
• Strong understanding of networking protocols preferred.
• Strong understanding of Windows and Linux operating systems and their management solutions preferred. 
• Knowledge in the AS/400 operating system preferred.

Levels

• Level I will be proactively training towards gaining sufficient knowledge in the processes and accountabilities associated with the position. May have little to no experience in the Information and Cybersecurity industries.
• Level II will be fully proficient in all, or nearly all, processes associated with the position, and be able to operate with minimal supervision or assistance. May have several years of experience in the Information and Cybersecurity industries.
• Level III/Lead will have a detailed understanding of job specific processes, will routinely work with highly complex or detailed problems, will proactively assist with projects and identifying process improvements.

Physical Demands/Conditions Requirements:

• General office environment. Moderate lifting (to 35 lbs.) required. Moderate reaching, walking, sitting and standing required.

Equipment Used:

• General office equipment.

External and internal applicants, as well as position incumbents who become disabled must be able to perform the essential functions (as listed) either unaided or with the assistance of a reasonable accommodation to be determined by management on an individual basis.