Information Security Analyst II

About The Position

Requirements

• Bachelor's degree (B. A.) from four-year college or university, preferably in Cybersecurity, Information Technology, Computer Science, or a related field.
• Experience: 3-5 years of experience in information security or related IT role, preferably in a financial services or banking environment
• Certifications (Preferred): CISSP, CISM, CISA, CEH, CompTIA Security+, GSEC, or similar certifications.

Nice To Haves

• Technical proficiency in security-related hardware and software; ability to function as a consultant to other IT groups on security matters.
• Knowledge of security controls for servers, workstations, network routers, and firewalls.
• Knowledge of security and internal control frameworks such as: ISO 27001, NIST 800-53, COBIT and COSO.
• Experience with implementation and management of compliance requirements such as PCI and SOX.
• Understanding and familiarity with audit requirements and process.

Responsibilities

• Security Monitoring & Incident Response: Investigate security incidents, document findings, and assist in developing incident response plans to minimize impact and prevent recurrence.
• Risk Assessments: Conduct periodic risk assessments and recommend mitigation strategies to ensure that the bank's information systems are protected against evolving cyber threats.
• Policy & Compliance: Assist in the development and enforcement of security policies, procedures, and controls to meet industry best practices and regulatory requirements (e.g., PCI DSS, GLBA, SOX, FFIEC).
• Threat Intelligence: Stay updated on emerging threats, vulnerabilities, and security trends. Collaborate with other departments to proactively enhance the bank’s security posture and strategies.
• Audits: Conduct periodic audits of security controls and assist with internal and external audit request as needed. Coordinate vulnerability remediation efforts and track progress.
• Reporting & Documentation: Document security incidents, assessments, and activities. Assist in the creation of regular reports for management on the status of the bank's security posture.
• Security Awareness & Training: Support and participate in security awareness training programs for bank employees to promote safe computing practices and a culture of security awareness.
• Collaboration: Work closely with IT, compliance, and other departments to resolve security issues, implement security controls, and ensure that security measures are embedded into all areas of the bank's operations.