Information Security Analyst I

Under the general supervision of the Information Security Officer, the Information Security Analyst is responsible for designing, developing, implementing, and maintaining security programs, policies, and products to protect LSNB’s networks and computer systems. The role of Information Security Analyst at our financial institution is to ensure our systems and data are protected from unauthorized access, modification, or destruction. The Analyst will work to identify and assess security risks, implement security measures to mitigate those risks, and monitor our systems to detect and respond to security incidents. The purpose of this position is to assure that information created, acquired, or maintained by LSNB, and its authorized users, is used in accordance with its intended purpose; to protect LSNB’s system information and its infrastructure from external and internal threats; and to assure that the organization complies with statutory, and regulatory requirements regarding information access, security, and privacy.

The duties listed below may not include all responsibilities that the person in this role may be asked to perform. Incumbent may be required to perform other related duties, as assigned, including cross training across other departments, as necessary.

• Investigates security incidents and provides recommendations for remediation and prevention.
• Compiles data and prepares reports on the status of incidents, security events and general security information.
• Participates in incident response planning and testing.
• Serves as the point of contact for security related events from internal and external relationships.
• Monitors the organization’s networks for security breaches and investigates when one occurs.
• Tracks compliance of security policies and procedures throughout the organization.
• Develops and delivers security awareness training to employees to promote a culture of security within the organization.
• Ensures the information security program meets pertinent government and industry requirements e.g., GLBA, HIPAA, PCI-DSS.
• Analyzes log data from several sources to develop historical trends, monitoring metrics and security baselines and provides visibility of internal and external threats.
• Assists in the development and implementation of policies and procedures to ensure adherence to regulatory requirements and internal security standards.
• Coordinates with internal stakeholders, including IT and Risk Management, to ensure the security of our infrastructure and data.
• Conducts regular security assessments of our systems and applications to identify vulnerabilities and threats.
• Ensures the information security program provides the necessary safeguards to protect business practices and meet regulatory requirements.
• Monitors security systems, including firewalls and intrusion detection systems, to detect and respond to security incidents.
• Maintains knowledge of emerging security threats and trends and provides guidance to management and other employees to achieve security best practices.

QUALIFICATIONS

These specifications are general guidelines based on the minimum experience normally considered essential to the satisfactory performance of this position. The requirements listed below are representative of the knowledge, skill and/or ability required to perform the position in a satisfactory manner. Individual abilities may result in some deviation from these guidelines.

• 1 year of experience in Information Security, preferably in the financial industry.
• Familiarity with security frameworks such as NIST, ISO 27001, and PCI DSS
• Knowledge of network and server infrastructure, as well as cloud computing and mobile security
• Experience with security tools such as SIEM, vulnerability scanners, and endpoint detection and response systems
• Excellent communication and interpersonal skills, with the ability to work collaboratively across departments.
• Associates degree in Computer Information Systems or a related field (Bachelor’s degree in Computer Science, Cybersecurity, or related field is preferred)

• Problem-solving and the ability to prioritize tasks.
• Familiarity with some of these tools: Wireshark, Metasploit,
• Visual and mental concentration are necessary for accurately performing tasks, working at computer for long periods of time, working in a fast-paced environment and handling frequent interruptions.
• CompTIA Security Plus, GISP. GISF, CISSP, CISM, or relevant certifications are preferred.
• Bilingual in English and Spanish is desired.
• Personal computer experience with working knowledge of Microsoft Office Professional,

Physical Requirements: This job typically operates in a professional office environment and routinely uses standard office equipment such as computers, phones, and printers. The incumbent is occasionally required to lift and move equipment weighing up to 50 pounds. Position requires extended periods of sitting.

Work Environment: The work environment is a typical office setting with moderate noise levels. The work schedule is generally Monday through Friday during normal business hours but may require off-hours availability for incident response or maintenance activities.

ORGANIZATION

• This position reports to the Information Security Officer.
• This position does not oversee other positions.

TRAINING REQUIREMENTS

All employees are required to attend scheduled mandatory trainings and complete online regulatory compliance training courses applicable to their specific job function. In all situations, employees must ensure that their actions fully comply with all federal banking laws and regulations, including internal bank policies and procedures. Failure to adhere to these requirements will be grounds for disciplinary action, including probation and possible termination.

COMMUNITY INVOLVEMENT

Lone Star National Bank’s Mission Statement includes a commitment to helping our communities grow by serving them with pride and integrity. All employees are encouraged to volunteer for bank sponsored activities, civic, charitable and community events and to be active in the communities we serve.

ATTENDANCE

Punctuality and regular attendance should be regarded as essential functions of any position at Lone Star National Bank.

Among other things, "good attendance habits" mean the following:

• Remain at your workstation, unless the needs of the job require being elsewhere, except during authorized breaks (including restroom breaks)
• Alternate work arrangements such as telecommuting or working from home are not permitted by Lone Star National Bank
• Take only the time normally allowed for breaks.
• Be at your workstation ready for work by the start of each workday.
• Call in and notify your supervisor or another member of management if you are going to be either absent or tardy.

LSNB is an Equal Opportunity/Affirmative Action Employer and does not discriminate in the recruitment, hiring, and conditions of employment based on race, color, religion, national origin, sex (including pregnancy), sexual orientation, gender identity, marital status, disability, age, veteran status, or any other status as protected by applicable laws.

Management reserves the right to change this position description at any time according to business needs.