Position Summary
The Information Security Analyst supports the Bank’s cybersecurity efforts by assisting in the implementation, monitoring, and maintenance of security measures. This role is ideal for individuals with a foundational understanding of information security principles who are eager to grow in a dynamic and fast-paced environment. Additionally, the Information Security Analyst will assist in the management and oversight of the Bank’s Vendor Management Program.
Essential Duties And Responsibilities (Other Duties May Be Assigned.)
- Assist in monitoring network and system activity for potential security breaches or anomalies.
- Help conduct regular audits and assessments to ensure compliance with internal policies and external regulations.
- Aid in the development and updating of information security, vendor management, and incident response policies and procedures.
- Assist in responding to and investigating security incidents and breaches.
- Support user awareness training and phishing simulations.
- Help manage access controls and user permissions.
- Stay informed about the latest cybersecurity trends and threats.
- Ensure information security plans, policies and practices are aligned with the Bank’s strategic plan, and roles are defined as they relate to IT services.
- Oversee hardware and software controls to ensure adequate monitoring is in place and confirm bank patching and user configurations adhere to minimum acceptable standards.
- Assists in the annual review of vendor-provided Service Organization Control (SOC) reports.
- Assists in the implementation of bank security awareness and training programs. Present at least quarterly training topics for the organization. Coordinate with the Information Security Officer in the preparation of annual Information Security training for all employees.
- Participates in industry collaborative efforts to monitor, share, and discuss emerging security threats; maintains advanced knowledge and awareness of financial industry technical status and trends.
- Aids in the implementation of enterprise-wide Business Continuity and Disaster Recovery Planning (BCP) including the establishment and validation of policies, risk assessment and procedures to restore business critical services of the Bank in the event of a disaster or event. Works closely with the IT Network/Infrastructure Director and Department Heads.
- Assures audit compliance and procedure quality control through internal and external reviews; recommends and initiates corrective actions; ensures system resources are in compliance with established Bank policies, procedures and state and federal laws, rules and regulations.
- Aids in audit and exam preparation including penetration testing.
- Assists in the implementation of the Bank’s Vendor Management Program with regard to the review of initial and ongoing due diligence documentation.
- Responds to inquiries or refers inquiries to the appropriate department or person and carries out the necessary follow through with customers and/or staff involved.
- Demonstrates knowledge of and adherence to applicable regulatory requirements.
- Assures compliance with all Bank policies, procedures and processes, and all applicable state and federal banking laws, rules and regulations; adheres to Bank Secrecy Act (BSA) responsibilities that are specific to the position.
- May be required to test related SOC Controls.
Qualifications
- Associate’s degree or 3-5 years related experience and/or training. Work-related experience should be in the banking field. Information Security, Vendor Management, IT and Audit experience a plus.
- Advanced knowledge of Bank operations and lending products and services; related state and federal laws, rules and regulations, and other Bank operational policies and procedures.
- Mastered knowledge of related state and federal banking compliance regulations, and Bank accounting policies and procedures.
- Excellent organizational and time management skills.
- Strong verbal, written and interpersonal communication skills with the ability to apply common sense to carry out instructions and instruct others, train personnel, read, analyze and interpret documents and professional journals, understand procedures, write reports, correspondence and procedures, speak clearly to customers and employees.
- Ability to deal with medium to complex problems and systems.