Information Security Analyst

At Axiom Bank, we encourage you to aim for the sky and leverage your expertise and passion to excel. We are a growing, dynamic organization – this is an exciting time to get on board!

We believe in the value of promoting a healthy work/life balance and are committed to recognizing the role everyone plays in our ongoing success. We offer the following benefits to our Full Time Employees:

• 12 Paid Holidays
• Generous Paid Time Off
• 4% Match on our 401(k)
• Medical, Dental and Vision Benefits
• 100% Company Paid Life, AD&D Insurance, Short and Long Term Disability

Key Responsibilities and Accountabilities

The Information Security Analyst works directly with the Information Security Officer (ISO) as a member of the Bank information security team. This position collaborates with Risk Management, Information Technology, Third-Party Risk Management, Enterprise Risk Management, Bank Compliance, Audit, HR, and Bank Operations personnel to maintain the Bank information security program and report on information security program compliance.

The Information Security Analyst’s Key Accountabilities include, but are not limited to the following:

• In support of ISO, respond to and work with internal and external auditors and regulators to maintain the information security program.
• Support the ISO in the maintenance, update, and implementation of policies, procedures, and standards related to the Bank information security program
• Participate in the Bank information security and third-party risk management procedures to identify, measure, monitor, correct, and report risks
• Participate in the Bank information security program assessments and audits
• Analyze and prepare response plans to internal and external assessments and audit tests conducted by internal teams and independent third parties
• Perform assigned technical and administrative security controls, such as
  • Conducting access reviews
  • Performing vulnerability scans and configuration reviews
  • Monitor, analyze, and respond to suspicious information security events, testing, and assessment results
  • Assist with threat hunting
  • Participate in business continuity, disaster recovery, and incident response exercises
• Report to the ISO on information security related issues and recommendations for changes
• Stay current with information security trends and industry research
• Other duties as assigned.

Supervision of Personnel

• None

Working Conditions

• This position is performed in a regular office work environment. Will require bending and reaching, and will spend considerable time in front of a computer screen and analyzing information; may require lifting up to 50 lbs. The incumbent will be expected to be able to work Monday through Friday and work will mainly be performed at the Maitland location but fully remote may be considered; occasional evening and weekend work will be required. Flexibility with work location and hours may be granted if circumstances permit.

Travel

• Up to 10 percent

Qualifications Summary

Education

• Bachelor’s degree in information systems, cybersecurity, or similar preferred
• Certified Information System Security Professional (CISSP) or significant progress towards this or a similar recognized professional certification (e.g., GIAC Security Essentials, CompTIA Security+, CISA)

Experience

• 3-7 years’ hands-on experience with information security governance, risk management or operations
• Deep knowledge of industry recognized information security standards (e.g., NIST CSF, ISO 27001, NIST 800-53, FFIEC, PCI)
• Experience working with external regulators and auditors in a heavily regulated industry preferred
• Experience working with one or more automated GRC platforms a plus.

Knowledge & Skills:

• Knowledge of applicable banking compliance regulations (e.g., FFIEC, OCC, GDPR, GLBA)
• Understanding of OCC, FFIEC, Federal Reserve, SOC 1/2, and PCI reporting
• Strong Interpersonal skills and customer service are crucial
• Skilled in assessing technical system controls including access rules, authentication, encryption, data protection, configurations, and similar
• Knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits
• Knowledge of network related protocols (e.g., TCP/IP, UDP, IPSEC, routing protocols)
• Knowledge of Microsoft Office and Windows operating systems
• Ability to work with managed security service providers, vendors, and partners in the delivery of information security services
• Ability to gather, review, and analyze forensic evidence during investigations preferred      
• Able to meet deadlines and resolve problems in a timely manner
• Must remain well versed in security trends and threats in the banking industry

Other Duties - Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

(Reasonable accommodations may be made to enable individuals with disabilities to perform these tasks. If you need an accommodation, please contact us at hr@axiombanking.com)

Axiom Bank does not discriminate in employment opportunities or practices on the basis of any protected status. It is the policy of Axiom Bank to conduct background, credit reference and drug screening tests as a condition of employment. Drug Free Workplace. EOE/AA/Minority, Female, Disabled, Veteran

Axiom Bank is not seeking assistance or accepting unsolicited resumes from search firms for employment or contractor opportunities. Any resumes submitted without a valid contract will be considered the sole property of Axiom Bank and no fee will be paid.