Information Security Analyst at Citizens Bank WI
Mukwonago, WI 53149, USA
Full Time


Start Date

Immediate

Expiry Date

30 Oct, 25

Salary

0.0

Posted On

31 Jul, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

SPF, Risk, Incident Response, Information Systems, Forensics, Network Architecture, Analytics, Server Management, Security Protocols, DLP, Security Controls, Active Directory, Security Operations, Critical Thinking, Computer Science, Linux, Security

Industry

Information Technology/IT

Description

This position is responsible for assisting the Information Security team in developing, maintaining, and monitoring the bank’s cybersecurity and information security programs. These programs aim to protect the confidentiality, integrity, and availability of the bank’s information systems. The Information Security Analyst will act as a technical expert on information security policy and collaborate with the Bank’s Information Security and risk management teams to develop, implement, and maintain an effective cybersecurity risk framework.
Hours: Monday - Friday 8:30am-5pm

38-40 hours/week

  • Hours may change at any time based on business needs.

REQUIREMENTS:

  • Possess a proficient understanding of IT concepts and principles, including comprehensive knowledge of networking, server management, and virtualization technologies.
  • Demonstrate familiarity with security frameworks and standards such as the FDIC FFIEC banking privacy standards, NIST Cybersecurity Framework (CSF), NIST 800-53, CIS Security Controls, and MITRE ATT&CK.
  • Exhibit expertise in email security protocols (SPF, DKIM, DMARC), remote access security solutions (RDP, VPNs, MFA), and foundational infrastructure security measures (e.g., OS fundamentals, patching, network architecture).
  • Thorough understanding of Active Directory, Azure/Entra/M365, network utilities, and network security systems including enterprise patching, anti-virus, IDS/IPS, content filtering, port scanners, sniffers, DLP, and NAC.
  • Two or more years of professional experience in information technology areas such as incident response, forensics, analytics, and/or security operations.
  • An associate degree with a focus in information systems, security, computer science or a related technical field of study is preferred.
  • Knowledge of networking technologies such as TCP/IP, DHCP, wide area networks, routing concepts, and unified communications.
  • Understanding of common network vulnerabilities and threats, with the ability to compare risk-related concepts.
  • Experience with operating system internals and security controls such as Linux and/or Windows.
  • Familiarity with SIEM and network monitoring tools is preferred.
  • Ability to prioritize tasks, manage time and projects with resources from within and outside the department.
  • Detailed, team-oriented working style with the capability to apply critical thinking to resolve problems in new situations.
  • Strong communication, writing, and editing skills required to transfer information to individuals involved in the systems support process.
  • Ability to write policies and procedures; ability to prioritize work and meet deadlines.
  • Maintains compliance with all company policies and procedures.
  • Technical certifications are not required but recommended. (CompTIA Security+, GIAC/SANS, or ISC2 SSCP)
  • Must comply with applicable laws and regulations, including but not limited to, Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT Act) and the requirements of the Office of Foreign Assets Control. Additionally, all employees must follow policies and procedures to minimize risk by exercising good judgment, raising questions to management, and adhering to policy guidelines.

RESPONSIBILITIES:

  • Conduct daily reviews and analyses of security event logs and alerts from security systems and tools such as Firewalls, IDS/IPS, DLP, SIEM, Syslog, and security subscription feeds. Communicate threat intelligence to the appropriate stakeholders.
  • Perform audits and tests on the effectiveness of security controls and procedures.
  • Monitor and report on emerging cybersecurity threats and trends, providing recommendations to internal teams on mitigating risks.
  • Respond promptly to security incidents and/or policy violations that may jeopardize the Bank’s security posture.
  • Diagnose and investigate causes of security issues, including misconfigured DNS records, exposed insecure protocols, use of known-vulnerable software, and weak ciphers.
  • Collaborate effectively with the IT department to ensure that new product deployments adhere to security policies and standards.
  • Design and implement opportunities for continuous improvement to reduce cyber risk and enhance efficiencies, applying the latest industry best practices.
  • Assist in the development and maintenance of policies, standards, processes, and procedures to assess, monitor, report, escalate, and remediate information security risks and related compliance issues.
  • Instruct and train staff in the operation of cybersecurity systems.
  • Stay updated on the latest security trends and technologies.
  • Any other duties as assigned.