Summary: The Information Security Analyst position requires the ability to assist with information security functions of the bank including implementation, administration, review, and monitoring functions to ensure security objectives are met. The security objectives are data confidentiality and integrity, as well as system and data availability. He/she must have the foresight and knowledge to recommend security features and enhancements for hardware and software as determined by the results of risk assessments, and must also have the knowledge and experience to uncover and report system deficiencies and user exceptions in order to protect the information assets of (Bank). The incumbent must have knowledge of information security risk and control concepts.
The incumbent carries out techniques to assure the proper handling of computer systems with respect to information security and privacy, and is responsible for tracking and reporting exceptions to the information security officer, as well as maintaining adequate records of exceptions, reviews, and results of monitoring.
The focus of information security monitoring will be at the direction of the information security officer, bank management, policies and procedures, and banking laws, rules, and regulations.
Essential Duties And Responsibilities include the following:
- Continually monitor for compliance with bank policies, and banking laws, rules, and regulations
- Keep abreast of current information security technology and threats as well as banking laws, rules, and regulations. Changes in the Bank’s environment will be presented to the information security officer.
- Review the results of user, system administrator, information systems, and network activity as determined by the results of risk assessments, policy, regulatory requirements, and the information security officer’s directive. The results of all monitoring and reviews will be supported through sufficient documentation that includes opinions, conclusions, corrective action plans, and management responses.
- Identify data assets whose preservation is required by Bank policy as well as banking laws, rules, and regulations, and propose provisions for their safekeeping.
- Identify threats to data and recommend appropriate and cost-effective measures to ensure the bank’s security objectives are met.
- Review employee access and exception reports, research questionable items and report them to the information security officer.
- Conduct periodic reviews of computer systems to ensure compliance with Bank policy and banking laws, rules, and regulations.
- Assist with assuring compliance with banking regulations in all IS areas.
- Participate in the Bank’s business continuity planning and response efforts.
- Handle non-routine security problems.
- Assist with audits and reviews as needed.
- Assist the information security officer with all aspects of the information security policy, business continuity plan, and the incident response plan.
- Special projects as assigned by the information security officer and management.
Certificates, Licenses, Registrations:
- CISA or CISSP desired but not required.
Required & Preferred Experience:
- 2-3 years’ experience in IT Audit or Information Security
- Must have knowledge of information systems and equipment, including, but not limited to, network infrastructure devices, network communications, servers, applications, databases, network protocols, and operating systems as they relate to information security.
- Knowledge of banking laws, rules, and regulations
- Knowledge of information security, control, and risk concepts.
- Knowledge of general business and bank operations.
- Ability to deal effectively with highly sensitive issues while maintaining confidentiality.
- Ability to deal effectively with all Bank personnel
- Strong attention to detail
- Bachelor’s degree (BA) from four-year college or university; two years’ relevant experience can be substituted.
Equal Opportunity and Affirmative Action Employer M / F / Protected Veteran / Disabled