INFORMATION SECURITY ADMINISTRATOR

About The Position

Requirements

• Strong infrastructure security skills including IDS/IPS, firewall, SIEM, server and OS hardening, malware detection, physical security, transport and at-rest encryption on file systems, DB, and other data persistence mechanisms.
• Excellent written and verbal communication skills - including the ability to effectively communicate security- and risk-related concepts to technical and nontechnical audiences - and strong interpersonal and collaborative skills
• High level of personal integrity, with the ability to handle confidential and otherwise sensitive matters professionally and with the appropriate level of judgment and maturity.
• Demonstrated experience in executing/delivering cross functional projects in a dynamic, fast-paced environment with a sophisticated ability to balance security strategies and other priorities at the organizational level.
• Ability to formulate conclusions and recommend courses of action.
• Excellent organizational skills and adept at multi-tasking and initiating/driving projects though completion.
• Collaborate with IT operation team, Application team, BI & data management team, executives etc.
• Bachelor’s degree in computer science, Cybersecurity, or related field or equivalent experience; master’s degree preferred. Any or all the following certifications are preferred: CISSP, CISMP.
• 7 years of experience with 4+ years in Security operations leadership role, which may include information security, application security or penetration testing, network-related security roles (firewall, intrusion detection, data loss prevention, Identity Management)

Responsibilities

• Design, develop, Implement and manage cybersecurity policies, protocols, tools and incident response plans aligned with NIST Framework or ISO 27001
• Oversee vulnerability scanning and remediation program. Prioritize risks based on business impact and address risks. Identify systemic security weaknesses.
• Supervise cybersecurity SOC/MDR, consultants, SaaS providers and IT professionals, ensuring effective threat monitoring, incident response, and resource allocation.
• Ensure the effectiveness of security tools (firewalls, encryption, intrusion detection) as well as timely system updates/patches.
• Work together with Risk, Compliance and IT functions to identify, mitigate and manage security risks aligning with the organizational goals and objectives.
• Lead breach investigations, coordinate forensic analysis, and communicate with stakeholders during crises.
• Monitor third-party security practices and ensure adherence to data privacy laws (e.g., GLBA).
• Recommend and implement security solutions or enhancements to existing security solutions to improve overall enterprise security.
• Overseas the administration, design, configuration, integration, and maintenance of the Bank’s security architecture, including the following solutions: 1. SIEM, MDR and EDR 2. Email security 3. Network Firewalls 4. File Integrity Monitoring solution 5. Identity Management, SSO & MFA 6. Privileged Access Management 7. Network Access Control 8. Microsoft 365 Security 
• Be a final resource in the security incident response planning as well as the investigation of security events including being the technical lead and subject matter expert in the Incident Response Team (IRT), as needed.
• Exercises discretion and independent judgment in evaluating challenges and limitations to determine appropriate resolutions that strengthen the Bank’s security posture.
• Performs related duties as assigned.

Benefits

• Medical
• Dental
• Vision
• Life Insurance
• 401k retirement savings plan
• paid federal holidays