Sr Information Security Analyst

Job Summary

The Sr. Information Security Analyst (Analyst) designs, configures, administers, and monitors information security controls at F&M Bank. The Analyst assists the CISO with risk assessment activities, selecting and implementing security controls, and documenting the results of their activities while executing the Information Security Program. The Analyst assists with incident response and may require after-hours support if there are production issues with security controls.

 

Essential Duties

• The Analyst is responsible for the selection, design, configuration, administration, and monitoring of security controls, including maintaining reliability, performance, and availability of the systems. 
• The Analyst contributes to IT and Information Security risk assessment documentation using an understanding of IT and Information Security risks and controls.
• The Analyst will participate in research and development of security technologies that will assess/monitor/reduce vulnerabilities for the enterprise. 

• The Analyst will automate security activities and data analysis via system automation scripting and data management (Python, PowerShell)

• The Analyst must document their activities in activity logs, periodic reports, problem management systems, change management systems, project tracking systems, and other similar systems. 
• The Analyst must document system design and configuration information. 
• Documentation must be factually accurate and conform to business writing standards with minimal spelling, grammatical, or syntactical errors.
• The Analyst must be able to follow Change Management procedures and minimize disruption to production systems by exercising good judgment and due care.

 

Essential Duty – On Call Support  

When scheduled for on-call duty, responsible for all end-user support after hours, and ensuring that response times and service levels are within the guidelines established by management. Bank Security personnel must ensure that cell phones are on and available in the event of end-user support call or outage alert via text message.  Bank Security personnel may be expected to be available to respond to critical situations, even if not scheduled for on-call duty. 

 Complies with all State and Federal Banking regulatory requirements, including but not limited to: BSA, Anti-Money Laundering OFAC, CIP, Financial Elder Abuse Reporting, Sexual Harassment, Information Security and privacy requirements.  This position will elevate suspicious activity to supervisory staff and/or BSA department.  Completes compliance and other technical training workshops as assigned. Non-Essential Duties

• Security-related MS SQL database administration

Required Knowledge 

• Understanding of information security concepts and domains
• Experience administering server or network systems Understanding and/or experience with the following security technologies, firewalls (Fortinet/Cisco), web application firewalls, IDS/IPS, e-mail encryption gateways, vulnerability scanning tools, forensics tools
• Exposure to log/packet capturing & decoding of various attack signatures, such as recognizing SQL injections, cross-site scripting attacks, etc.
• Experience working with vendors to implement security-related projects
• Strong understanding of Microsoft Active Directory access rights, user access provisioning, SQL access and Operating System security
• Understanding and/or experience with the following security technologies, firewalls, web application firewalls, IDS/IPS, e-mail encryption gateways, vulnerability scanning tools, forensics tools
• Exposure to log/packet capturing & decoding of various attack signatures, such as recognizing SQL injections, cross-site scripting attacks, etc.
• Ethernet, TCP/IP, DHCP, DNS, Active Directory and enterprise level backup software
• Experience with SIEM systems such as SumoLogic or Splunk.

 

Basic Knowledge, Skills and Abilities

• Effective verbal and written communications, including documenting activities, writing reports, and presentation skills for findings and recommendations
• Clear understanding of the English language (spoken and written) 
• Customer service skills
• Time management skills 
• Project planning and execution skills
• Detail-oriented 
• Critical thinking, judgment and problem solving skills
• Ability to actively listen and learn.
• Ability to work both independently and with others at all levels. 
• Ability to respectfully communicate with Supervisors and Co-workers
• Ability to effectively deal with unpleasant, angry or discourteous people

 

Officer Title Eligibility 

For qualified positions, the Bank may designate Officer Titles to employees who meet defined competencies for an eligible position. This position is not eligible for an Officer Title.

 

Equipment Operated

• Desk top Computers 
• Standard Office Equipment (copiers, fax machines) 
• Information Security software and hardware

 

Physical Requirements & Work Environment 

• Requires sitting for prolong periods of time
• Requires lifting up to 25 lbs.
• Office setting w/controlled temperature 
• Requires repetitive movement.

 

Education and Experience 

• Minimum of six years of applicable security and system administration experience
• Bachelors in computer science or equivalent required. 
• Network certification preferred such as CCDA, CCNA, CCDP, CCIE, etc.
• Security Certifications preferred from GIAC, ISC2, CompTIA such as CISSP, SSCP, CCSP, GCIH, CEH, etc.

 

As a part of the Bank’s internal control systems, employees holding sensitive positions are required to be absent from their duties for a minimum of two consecutive weeks each year. This position has been deemed to meet the test for a sensitive position, and therefore you will be required to meet the minimum absence requirement each and every year.

 

This job description is not intended to be all-inclusive, and employees will be required to perform additional related work duties as assigned by their immediate supervisor and/or management.

                   

Farmers and Merchants Bank of Long Beach reserves the right to revise or change job duties and responsibilities as the need arises. This job description does not constitute a written or implied contract of employment.