Information Security Analyst

Stock Yards Bank & Trust, Louisville, KY

About The Position

The Information Security Analyst is responsible for supporting and enhancing the organization's information security posture through the management and operation of the Security Information and Event Management (SIEM) system and associated security tools. The role involves monitoring, analyzing, and responding to security events, conducting security assessments, and collaborating with cross-functional teams to mitigate risks. The incumbent is expected to ensure compliance with security policies, standards, and regulatory requirements, contributing to the overall effectiveness of the organization's information security program.

Requirements

  • Education: Bachelor's degree in Information Security, Cybersecurity, Computer Science, Information Technology, or a related field.
  • Experience: Minimum of one (1) year working in the Information Security field and three (3) years in an IT environment, preferably in the financial services industry. An equivalent combination of education and experience may be considered.
  • Comprehensive Skills: Employees are expected to represent the Bank in a professional manner to customers and outside contacts. Employees must have excellent interpersonal communication skills, consisting of the ability to write and speak effectively to others. Employees must be a productive team player, with the ability to learn, apply training and comprehend policies and procedures. Employees should also be flexible to changing working situations and able to meet deadlines as they arise.
  • Specific Skills: Strong analytical skills with the ability to research and investigate.
  • Ability to work independently in a multi-task environment with a sense of urgency.
  • Ability to explain technical terms with all levels of management and staff and develop good working relationships with a commitment to excellent customer service.
  • Strong planning and organizational skills.
  • Specialized: Familiar with various SIEM-related technology
  • Licenses: Professional certifications such as SSCP, GIAC, or other related certification(s), or willingness to obtain within one year.
  • Physical requirements: The physical demands described here are representative of those that must be met by an employee in order to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
  • Primarily sedentary work performed in an office environment
  • Ability to sit for extended periods of time while working at a computer
  • Frequent use of hands and fingers to operate a computer, keyboard, mouse, and other office equipment
  • Ability to speak clearly and hear well enough to communicate with clients, team members, and vendors via phone, video, and in person
  • Visual acuity sufficient to read computer screens, printed documents, and financial data
  • Occasional standing, walking, bending, or reaching
  • Ability to lift and carry up to 10–15 pounds occasionally (e.g., files, office supplies)
  • Employees must also have the ability and means to travel as necessary for the purpose of attending training, meetings, and other various business functions.

Responsibilities

  • Configure, manage and maintain the SIEM platform to ensure effective aggregation and analysis of security events from various sources with a security use case.
  • Develop and refine SIEM use cases, correlation rules, alerts, and dashboards to enhance threat detection capabilities.
  • Monitor SIEM alerts and logs to identify potential security incidents and anomalies.
  • Integrate new data sources into the SIEM and optimize log collection strategies.
  • Monitor SIEM licensing and capacity to ensure comprehensive coverage without waste.
  • Operate privileged access management systems, enforcing least privilege principles and monitoring access controls.
  • Continuously monitor security systems, including intrusion detection/prevention systems, firewalls, and endpoint protection tools.
  • Analyze security events and incidents to determine root causes and impacts.
  • Coordinate with IT teams to investigate and remediate security issues.
  • Participate in the incident response process, including detection, analysis, containment, eradication, recovery, and post-incident activities.
  • Document security incidents thoroughly and contribute to incident reports and recommendations.
  • Assist in the development and improvement of incident response plans and procedures.
  • Conduct vulnerability scans and assessments of systems, networks, and applications.
  • Analyze scan results, prioritize vulnerabilities based on risk, and collaborate with relevant teams to implement remediation strategies.
  • Track and report on the status of vulnerability remediation efforts.
  • Stay informed about current and emerging cybersecurity threats, vulnerabilities, and attack vectors.
  • Incorporate threat intelligence into security monitoring and defense strategies.
  • Provide insights and recommendations based on threat trends and patterns.
  • Ensure adherence to information security policies, standards, and regulatory requirements such as FFIEC, GLBA, and PCI DSS.
  • Prepare and deliver regular security reports, metrics, and dashboards for management and stakeholders.
  • Assist with internal and external audits by providing necessary documentation and addressing findings.
  • Support the development, review, and updating of information security policies, procedures, and guidelines.
  • Promote security awareness by assisting in the creation of training materials and participating in awareness initiatives.
  • Work closely with IT Operations, Network Engineering, and other departments to integrate security considerations into projects and initiatives.
  • Provide guidance and support on security best practices and technical solutions.
  • Evaluate and recommend security tools and technologies to enhance defense capabilities.
  • Participate in security projects and initiatives as assigned.
  • Complete information security projects and implement new tools.
  • Perform back-up duties (i.e. business continuity) for the Information Security Officer.
  • Research new data security trends, keep up-to-date with current events and new threats in data security and participate in relevant training courses.
  • Provide assistance to Internal Audit and regulators with IT-related requests.
  • Ability to perform Senior Information Security Analyst(s) duties where redundancy is necessary.
  • Complete other job-related duties, and/or projects, as assigned.
  • Complete relevant annual training upon approval by the Director of Information Security.

Benefits

  • 401(K) with a company match of up to 6%
  • ESOP employer match
  • Medical insurance
  • Dental insurance
  • Vision insurance
  • Cancer/Disease insurance
  • Accident insurance
  • Flexible Spending Accounts
  • Flexible Savings Accounts
  • Health Savings Accounts
  • Bank paid Life/AD&D insurance
  • Voluntary Life/AD&D insurance
  • Bank paid Short-Term and Long-Term Disability insurance
  • Employee Stock Purchase Plan
  • Employee Assistance Program