Information Security Risk and Compliance Analyst

Capitol Federal® Savings Bank
Topeka, KS
Onsite

About The Position

The Information Security (IS) Risk and Compliance Analyst is a member of the Compliance and Risk Management team, working under the Information Security Officer Assistant Risk Manager with strong collaboration with the Information Technology (IT) Security department. This position monitors key system access changes, configurations, and controls to ensure compliance with policy and best practices. The position also oversees the process for employee reporting of suspicious e-mails. This position manages the Bank’s social engineering and phishing testing program and provides user security training and awareness, including in-person presentations and written communication. This position performs IS risk assessments and supports other reviews of security control effectiveness. This position requires knowledge of IT and IS best practices to advise on and assist with the Bank’s compliance with security and privacy requirements. Independent decision making on matters of moderate complexity and appropriate discretion in handling confidential information are also required.

Requirements

  • At least 5 years of related experience, preferably within IT audit, governance, risk, or compliance domains.
  • Additional industry certification related to information security or cybersecurity required (preferably: Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC)).
  • Working knowledge of IS and cybersecurity best practices, risks, and controls is imperative.
  • Excellent analytical and organizational skills, with strong observational skills and attention to detail.
  • Strong written and verbal communication skills, with ability to work with a wide variety of audiences (e.g., senior management, entry level employees).
  • Must have experience with Microsoft Office and similar applications for compilation and presentation of daily tasks.
  • Intermediate Microsoft Excel experience required, including use of semi-complex functions.
  • A significant level of trust and diplomacy is required to be an effective subject matter expert in the position.
  • In-depth dialogues, conversations and explanations of a sensitive and/or highly confidential nature with employees, direct and indirect reports, and outside vendors are a normal part of the daily activities.
  • Communications can involve motivating, influencing, educating and/or advising management and employees on matters of significance related to information security.

Nice To Haves

  • Microsoft VBA knowledge preferred.

Responsibilities

  • Monitor key system access changes, configurations, and other access controls and advise IT personnel and business management on access policies and best practices.
  • Oversee process for researching and responding to employee and consumer reported suspicious e-mails, and assist with phishing e-mail escalation and handling.
  • Maintain the Bank’s phishing email platform.
  • Plan, perform, and monitor Bank social engineering and phishing exercises, including coordination with third-party provider and maintenance of internal phishing platform.
  • Report exercise results to management.
  • Manage the Bank’s security awareness training program, including developing training and awareness content, communicating with users in writing and verbally, and performing new employee training presentations.
  • Perform IS risk assessments, such as GLBA-required information security assessments and electronic banking risk assessment, and other reviews of security control effectiveness.
  • As needed, work directly with IT and business management to assess and advise on IS risks and controls.
  • Participate in proactive team efforts to achieve departmental and company goals, including involvement in IS projects impacting the department’s processes.
  • Perform other duties as assigned.
  • Must comply with current applicable laws, regulations and bank policies and procedures.
  • Comply with all safety policies, practices and procedures.
  • Report all unsafe activities to supervisor and/or Human Resources.

Benefits

  • Competitive compensation
  • Retirement and savings plans
  • Flexible Spending Accounts
  • Paid time off and holidays
  • Employee Assistance Program
  • Health, Dental, Life and Disability coverage
  • Parental Leave
  • Professional development opportunities
  • Career Advancement Pathways