IT Security Operations Analyst

Under the direction of the Manager, responsible for day-to-day information security operations activities. Provides enterprise-wide, risk-based security and continuity capabilities to meet changing internal and external security threats.

Security Monitoring

• Monitors Information Technology (IT) security controls (Data Loss Prevention, IDS/IPS, Endpoint Protection, Email Security, SIEM)
• Assists in monitoring syslog and security alerts to help identify unusual activity or potential threats. Supports investigations by gathering relevant log data and escalating as needed. (Senior) Monitors and analyzes syslog and security system alerts to detect anomalies, identify potential threats, and assess security incidents. Proactively investigates suspicious activity and escalates issues in accordance with established protocols.
• Monitors system security threat levels and develops appropriate alerting and reporting processes. Acts as an escalation point for security incidents. Initiates and executes incidence response procedures for information security events.
• Monitors external sources of IT security and threat intelligence information to gain the latest insight into current threats. Monitors trends and new developments in IT security.
• Logs and tracks security issues, responds to questions/support requests, and meets established service levels. Reports information security metrics and data to management. Provides detailed and thorough written analysis results for security incidents/events to appropriate parties.
• Assists with containment of threats and remediation of environment during or after an incident.

Security Operations Support

• Administers and supports IT security systems, including, but not limited to, system administration, configuration management, and vulnerability management.
• Implements security updates and enhancements in accordance with corporate policies and IT standards.  
• Assists in security system updates, and ensures processes are in place so similar updates are applied to underlying infrastructure and associated interfaces.
• Maintains documentation of security procedures, security system configuration standards, maintenance, and upgrades. Maintains knowledge of assigned products and services.
• Follows risk management guidelines and procedures and ensures compliance with applicable BOH policies.

Implementation

• Implements and maintains security systems as specified by a given set of requirements.
• Ensures systems configuration changes produced individually or by vendors adheres to the Bank’s standards and applicable business requirements.
• Develops and maintains documentation of all technical development and subsequent revisions.
• Maintains and enhances third-party software. (Senior) Supports the development and implementation of system configurations under the guidance of the Manager and CISO to help strengthen the organization’s security stack and align with established security policies and goals.
• Plans and executes security application and systems installations and upgrades, including security and program configuration and maintenance for business applications and databases in production, development, test, and disaster recovery environments.

Vendor Management 

• Coordinates with and maintains highly collaborative relationships with vendors.

Leadership 

• Participates in team events and projects. (Senior) Participates in and supports team members with events, projects and information security initiatives.
• Contributes to Information Security Operations Center projects and initiatives. 
• Educates users on security processes. (Senior) Acts as an IT security consultant.
• Takes ownership of learning technical aspects of the security tools and procedures through cross training and research
• Takes initiative to become educated and knowledgeable on security topics. 
• Develops and communicates career goals to management, works with management to develop plan for achieving career objectives.
• (Senior) Provides cross training with other team members to maintain effective back-up.  Participates in the evaluation and implementation of new security technology. Participates in interviews and selection of prospective new staff members.

Performs all other miscellaneous responsibilities and duties as assigned.
 

Education: Bachelor’s degree in computer science or management information systems from an accredited institution or equivalent work experience.

Experience: Level is dependent on years of experience and size/complexity of prior positions held.  

• Analyst:  Minimum 2 years of related experience in information technology.
• Senior Analyst:  Minimum 4 years of related experience in information technology with 1 year in a security-based role.

Technical Skills: Demonstrated proficiency and expertise with personal computers in a networked environment and with Microsoft Office applications or similar software. Knowledge of or ability to use Bank software and systems. In addition, should have most or all the following knowledge and experience:
•    Microsoft, Cisco, ISC2, SANs, CompTIA certifications preferred but not required.
•    Microsoft Active Directory and Domain Administration
•    Solid working knowledge and experience in Windows systems administration, systems monitoring, troubleshooting, installing, and configuring Windows, patching and securing the Windows Operating System
•    Solid working knowledge in using syslog and log management tools for system diagnostics, and troubleshootingBasic networking knowledge (routing, port/protocol, firewalls)
•    Basic knowledge of server virtualization concepts, imaging, and configuration management
•    Basic scripting knowledge such as Windows PowerShell, VBScript, and DOS. 
•    Basic Linux/Unix knowledge
•    Basic Virtual Environment knowledge
•    Knowledge and understanding of industry trends and new technologies.

Other Job Qualifications:  
•    Excellent oral and written communication skills. 
•    Effective people skills and collaborative style to include teamwork and team building. 
•    Ability to work independently and drive assigned tasks through to completion.
•    Effective conflict management and negotiating skills.
•    Self-starter with a strong willingness to learn and accept instruction.
•    Capacity to take initiative, ability to accept change and adapt to shifting priorities.
•    Willingness to identify problems and produce creative solutions.
•    Willingness to become a 'subject matter expert' in multiple support areas.
•    Possess critical thinking, analytical ability, and critical thinking skills. 
•    Able to think and react positively and professionally even in stressful situations.
•    Effective time management and prioritization skills.
•    Able to work flexible hours including holidays, weekends and evenings as needed and assigned.

As a Bank of Hawaii employee, you ensure (or assist with ensuring) compliance with applicable laws, regulations, regulatory requirements and Bank policies and procedures, including but not limited to those related to Fair Banking, Anti-Money Laundering laws and regulations, Bank Secrecy Act and USA PATRIOT Act.

Delivering exceptional customer experiences is at the heart of what we do at Bank of Hawaii.  We listen, understand and deliver what our customers need to help them build a better tomorrow.

We are an EEO/AA employer, including disability and veterans.  For Bank of Hawaii's full EEO statement, please visit  https://www.boh.com/careers.