Enterprise Security Analyst II

About The Position

Requirements

• Bachelor’s degree in Information Technology, Cybersecurity, or equivalent knowledge required. Relevant experience may be substituted in lieu of education.
• Minimum of five (5) years of combined Information Technology and/or Cybersecurity experience required.
• Strong written and verbal communication skills, with the ability to clearly convey information to diverse audiences.
• Good troubleshooting and analytical skills, with the ability to logically assess and resolve issues.
• Ability to critically analyze threats and quickly determine severity and appropriate mitigation responses.
• Ability to work in time-sensitive, high-pressure situations while maintaining composure.
• A desire to provide outstanding service to employees and members.
• Ongoing desire to improve processes and systems that bring added efficiency and faster response times.
• Willingness to adapt to change as needed, recognizing that change is inevitable.
• Ability to work a flexible schedule, including evenings and weekends when required.

Nice To Haves

• Working knowledge of the Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbooks is preferred.
• Advanced certifications such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), and/or Global Information Assurance Certification (GIAC) are preferred.
• Familiarity with industry-standard cybersecurity frameworks, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), the Center for Internet Security (CIS) Critical Security Controls, and the MITRE ATT&CK Framework, is preferred.

Responsibilities

• Monitor and investigate: Continuously monitor networks and systems for security events, investigate incidents, and promptly notify the ISO, providing threat analysis and remediation recommendations.
• Implement security systems: Install and maintain security software, appliances, and systems to protect sensitive information and critical systems from unauthorized or malicious access.
• Participate in incident response: Follow incident response plans, participating in investigations of security events and incidents in collaboration with the Technology Services and Risk Management departments.
• Implement security controls: At the direction of the ISO, implement security policies, procedures, and controls across the organization.
• Remain current on the threat landscape: Monitor emerging cyber threats and vulnerabilities and recommend adjustments to security measures as appropriate.
• Communicate security risks: Communicate identified security risks to the ISO in an effective and timely manner, along with proposed mitigation steps.
• Support security documentation: Support the ISO in drafting information security policies, procedures, and guidance aligned with the organization’s security goals, objectives, and roadmap.
• Participate in identifying, assessing, and mitigating risks: Participate in risk assessments to identify potential threats and vulnerabilities to information assets, contribute to the development of mitigation plans for identified gaps, and support the maintenance of a risk register to track and report on the status of proposed resolutions through completion.
• Contribute to projects: Participate as assigned on project teams to promote security awareness and ensure that security is factored into projects from the design phase through implementation. Support the ISO on projects that involve security tool and system upgrades, replacements, and additions.
• Promote compliance: Demonstrate a commitment to compliance by implementing practices that align with security and privacy policies as well as applicable laws, regulations, and guidelines.
• Participate in business continuity and disaster recovery activities: With minimal oversight, carry out assigned roles to restore systems and recover from security incidents to minimize downtime and impact.
• Vendor analysis: Participate in the assessment and management of security risks associated with technology and information services provided through third-party vendors and contractors.
• Demonstrate security professionalism: Actively participate in training and professional development to maintain and enhance knowledge and skills appropriate to a security professional committed to security awareness and continuous improvement.
• Promote security awareness: Advocate for organizational security policies and best practices with all users.
• Support the ISO with security training: Participate in security awareness training initiatives led by the ISO.
• Maintain open lines of communication with stakeholders across the organization to promote collaboration.
• Develop and maintain knowledge of security and privacy policies, laws, and regulations to promote compliance and to provide guidance to other stakeholders across the organization upon request.
• Complete annual compliance training and engage in ongoing professional development activities.