Information Security Analyst Jobs

OVERALL OBJECTIVE
The Information Security Analyst is primarily responsible for governance functions including but not limited to information security risk assessments, continuous monitoring functions, vendor due diligence, and related initiatives in support of the Bank’s Information Security Program (ISP). Ensures projects, products and services meet the Bank’s policies, procedures and regulatory standards while delivering business requirements; and implements and maintains the ISP’s approach to information security in an effective and efficient manner that is both balanced and consistent with the Vision, Mission and Values of the Bank. Security Governance focused on reducing information security risk, communicating and enforcing information security policies, documentation management, identifying risk, providing regulatory guidance for risk assessments and projects. Provide broader support of the ISP through policy development, incident response, internal / external audits, and training and awareness; manages a number of related initiatives underway; and provides operational and program-level support to Information Security and its partners.
ESSENTIAL FUNCTIONS

• Researches, recommends, and contributes to information security polices, standards, and procedures. Assists with the lifecycle management of information security policies and supporting documents.
• Responsible for driving governance around the assurance tests and including security health check of the servers, network devices, vulnerability assessment of the infrastructure, ID Validation etc
• Assist with conducting information security risk assessments for Bank information assets and supporting information systems.
• Recognizes issues and escalates to the appropriate parties; Recognizes and resolves issues as they arise, with guidance.
• Monitor and evaluate the impact of applicable federal and state regulations as they relate to information security;
• Provide consulting and advisory services to Business Lines and other departments.
• Support internal and external audit activities related to cybersecurity.
• Accountable for operational aspects of Liberty Bank’s security governance, maintaining, and protecting Liberty Bank’s and customer data in accordance with the applicable regulatory guidance and NIST frameworks
• Manage multiple or more complex IT Security Governance projects that may span company-wide initiatives within scope, timeline, and budget.
• Works with other organizational participants to implement information security policies.
• Monitor authoritative sources for new, emerging or resurgent information security threats; evaluate potential impact and risk to the Bank; and provide actionable recommendations to the CISO.
• Identify and evaluate information security risks, current risk mitigation/remediation capabilities and related opportunities for improvement.
• Applies technical knowledge to innovation and performance improvement while demonstrating critical thinking and sound logic when assessing problems and opportunities in generating solutions.
• Provide expertise in the development and support of governance activities, processes and tools for protecting information assets.
• Facilitates the remediation of control gaps and escalates critical issues to leadership
• Understands and supports the IT Security Governance initiatives that support overall IT Security goals and objectives.
• Assist with the information security awareness and education program.
• Enhance Liberty Bank’s program to deter, detect and mitigate risks, including establishing capability to monitor and audit information, evaluate personnel security information, establish employee awareness, driving assurance test and supporting internal and external audits
• Assess the continued effectiveness of management and technical cybersecurity capabilities through execution of continuous monitoring activities.
• Communicates risk findings and recommendations that are clear and actionable by business stakeholders

PRINCIPAL ACCOUNTABILITIES

• Develop and refine KRIs and KPIs related to the Information Security Program.
• Support end user questions related to policies and standards.
• Review industry standards and regulations and interview SMEs to understand how they apply in the environment.
• Implement a data security risk reporting framework for management teams and governance committees.
• Facilitate the remediation of control gaps and escalate critical issues to leadership.
• Provide proactive information security governance for Business areas (e.g., attend project meetings, work with control owners, etc.).
• Monitor, research and evaluate information security threats to the Bank, Customers, Employees, Third Parties, Affiliates and the Communities that we serve.
• Work with Information Technology stakeholders in the detection and response of information security events and incidents;
• Assist in facilitating information security awareness and training activities.

MINIMUM KNOWLEDGE/SKILLS
Education and Experience:
The competencies for this position would typically be acquired through a Bachelor level degree or equivalent education with five (5) years of experience in an information systems role with demonstrated progression in scope and level of responsibilities and at least three (3) of the five (5) years in direct support of information security risk management and compliance functions. A combination of graduate-level education, professional certification and experience may be considered in lieu of the three (3) year minimum requirement.
Business Competencies:

• Financial services provider experience preferred.
• Solid ability to adapt to changing priorities and work assignments.
• Ability to demonstrate linkage between compliance with governance documents (Policies, processes, procedures, etc.), business operations, corporate backing by financial institutions, and cyber insurance.
• Engage with control owners and performers in research and analysis of compliance requirements in support of new initiatives, continuous improvements, and remediation efforts.
• Advanced working knowledge of information technology risk management with a solid ability to identify potential impacts of business risks and how to manage those risks effectively.
• Strong ability to communicate effectively; including facilitation and presentation to technical and non-technical audiences including, but not limited to, Information Technology, Business Line Managers and other stakeholders.
• Working knowledge of information security methodologies, policies, standards and procedures.
• Demonstrated knowledge of common cybersecurity compliance and control frameworks.
• Solid ability to maintain focus, complete objectives and achieve results in a changing and evolving work environment.
• Solid ability to work independently, under limited direction, in the completion of assigned work.
• Advanced problem solving and analytical skills.
• Experience in building productive relationships and driving collaboration with both technical and non-technical teams.
• Ability to manage multiple projects, initiatives and/or work streams simultaneously.
• Solid ability to translate objectives into work plans, products and tasks and deliver quality results on time and within scope.

Technical Skills:

• Ability to perform advanced operation and administration of software applications (e.g., data analytics / reporting, risk assessment tools, etc.) in support of ISP functions.
• Understanding of Information Security frameworks such as NIST, ISO, etc.
• Understanding of Information Technology concepts, hardware, core software, operational practices, and related security capabilities.
• Working knowledge of common productivity software applications (i.e., MS Outlook, Word, Excel, PowerPoint, etc.).

PHYSICAL DEMANDS
General office equipment.
Prolonged sitting.
COMPLIANCE
Acts affirmatively in all activities under his/her control in conformance with the Bank’s Affirmative Action, Equal Employment Opportunity, and Fair Lending Programs to achieve the Bank’s goals and objectives. The bank shall provide equal employment opportunity to all qualified persons, and continue to recruit, hire, train and evaluate persons in all jobs without regard to race, color, religion, sex, national origin or veteran status.
Adheres to applicable federal and state regulations and Bank policies and procedures, including OFAC, BSA, PATRIOT Act, Privacy, and consumer protection regulations pertaining to incumbent’s business line.
Completes required training (on-line and in-person) by set due dates.