Security Administrator

About The Position

Requirements

• Bachelor’s degree in Information Technology, Cybersecurity, or related field; or equivalent experience.
• 3+ years of experience in IT security, systems administration, or network administration.
• Working knowledge of cybersecurity principles, frameworks, and best practices (NIST, CIS, FFIEC).
• Experience with security tools such as MFA, endpoint protection, SIEM, firewalls, and vulnerability scanners.
• High integrity and alignment with the Bank’s mission and values.
• Ability to handle sensitive information with discretion and professionalism.

Nice To Haves

• Experience in banking, financial services, or other regulated industries.
• Familiarity with regulatory requirements (FDIC, FFIEC, GLBA).
• Certifications such as Security+, CySA+, CCNA, CISA, CISM, or CISSP (or willingness to pursue).
• Experience with vendor management or risk management programs.

Responsibilities

• Oversee and monitor user access management processes, including provisioning, deprovisioning, and periodic access reviews, to ensure compliance with the Bank’s security policies and segregation‑of‑duties requirements.
• Administer security tools including MFA, endpoint protection, SIEM, email security, vulnerability scanning, and identity management platforms.
• Maintain oversight of privileged access accounts and monitor for anomalous activity.
• Maintain documentation and audit trails related to access control decisions.
• Support identity governance initiatives and contribute to the development of access control standards and procedures.
• Monitor security alerts, investigate suspicious activity, and serve as the escalation point for the Network and Systems Administration teams to ensure timely and appropriate incident response.
• Provide oversight of firewall, network security, and endpoint security configurations to ensure alignment with security policies, regulatory expectations, and architectural standards; collaborate with administrators on design and improvements while not performing routine maintenance or operational configuration changes.
• Review and validate the effectiveness of security controls implemented by IT Operations, identifying gaps and recommending enhancements.
• Participate in security architecture and design discussions to ensure new systems and changes incorporate appropriate security controls from the outset.
• Maintain documentation, standards, and governance artifacts related to security operations and control effectiveness.
• Provide governance and oversight of the Bank’s vulnerability management program, including vulnerability scanning, risk assessment, prioritization, and remediation tracking.
• Validate that vulnerabilities are appropriately risk‑rated, assigned to system owners, and remediated within defined SLAs.
• Monitor patch management processes for effectiveness, policy compliance, and alignment with regulatory expectations.
• Prepare vulnerability management metrics and reports for senior leadership and the Board.
• Recommend improvements to vulnerability scanning, remediation workflows, and overall program maturity.
• Assist with maintaining the Information Security Program, policies, and procedures.
• Support annual risk assessments, including IT risk, cybersecurity risk, vendor risk, and business continuity.
• Participate in internal and external audits, regulatory exams, and controls testing.
• Maintain documentation required for FFIEC, FDIC, and state regulatory compliance.
• Track remediation of audit and exam findings.
• Support due diligence reviews, contract evaluations, and ongoing monitoring of critical vendors.
• Evaluate cybersecurity and operational risks associated with third‑party vendors.
• Assist in assessing vendor cybersecurity posture and alignment with Bank and regulatory standards.
• Assist in maintaining and testing the Bank’s Business Continuity Plan (BCP) and Disaster Recovery (DR) program.
• Participate in tabletop and other DR exercises and incident response activities.
• Document incidents, lessons learned, and corrective actions.
• Develop and deliver educational materials to promote a strong security culture.
• Develop and deliver ongoing security awareness training, including role-based modules for high‑risk departments.
• Administer phishing, vishing, and smishing simulations and track program metrics.
• Create monthly/quarterly security communications and educational materials.
• Lead new-hire security orientation.
• Promote a strong security culture through campaigns, contests, and awareness events.
• Collaborate with HR, Compliance, and department managers to reinforce secure behaviors and policy adherence.
• Partner with the Marketing team to develop short, consumer‑friendly cybersecurity “bytes” for social media, email newsletters, and the Bank’s website to educate our customers on emerging threats, fraud prevention, and safe digital banking practices.
• Support the Bank’s Enterprise Risk Management (ERM) framework by identifying, assessing, and documenting information security and technology risks.
• Maintain and update risk registers, control inventories, and risk assessments related to cybersecurity, technology operations, and third‑party vendors.
• Collaborate with ERM, Compliance, and Internal Audit to ensure alignment of controls, testing, and remediation activities.
• Contribute to the development of risk appetite statements, key risk indicators (KRIs), and risk reporting for senior leadership and the Board.
• Provide risk‑based recommendations to strengthen controls, reduce exposure, and improve overall security posture.
• Gain responsibility for cybersecurity strategy and roadmap development.
• Lead components of the Information Security Program.
• Present security updates to senior leadership and the Board.
• Oversee enterprise risk governance related to information security.
• Serve as primary liaison for audits, exams, and regulatory inquiries.
• Assume full ISO responsibilities upon demonstrated readiness.