Information Security Analyst
Redbeard Solutions - Lowell, MA
Job Description
About the job: Information Security Analyst

We're a growing bank that recognizes and values talented people. We're consistently recognized both nationally and locally as a Top Place to Work, and our team members are as important to us as our core values.

What You'll Do:

- Reviews system logs and real-time alerts for the Bank's infrastructure to identify trends, investigate abnormalities, and report exceptions to the Bank's Information Security Program.
- Participates in the Information Security Committee and creates meeting dashboards.
- Coordinates the Bank's User Access Program for all systems, both on premises and those hosted by third parties, including but not limited to the initial setup of users, ongoing reviews, and removal of users due to terminations/separations.
- Monitors the Bank's IT-related accepted risks for adding, updating, and removing accepted risks based on changes in technology and vulnerabilities.
- Assists with the initial configuration review of third-party hosted systems to determine compliance with the Bank's policies and procedures.
- Gathers industry alerts and information from information security focused groups (Financial Services Information Sharing and Analysis Center, the FDIC, etc.) to alert the Information Security Committee of potential threats and recommends action steps commensurate with the risk level.
- Monitors the configuration of bank-wide applications to verify they meet the standards required by the Information Security Program.
- Updates the Information Security Program and corresponding cybersecurity policies, procedures, and controls annually based on regulatory changes, feedback from the Information Security Committee, and the results of audits and assessments.
- Coordinates the scheduled reviews of system logs to verify appropriate system changes and employee access rights to verify alignment with job responsibilities.
- Performs scans on internal devices to identify vulnerabilities and provides guidance to system administrators for remedial actions.
- Analyzes the integrity of changes made to the Bank's network through the Patch Management Program, Change Management Program, user access changes, and system modification forms.
- Develops and conducts information security training for employees to make them aware of the Bank's information security policies and procedures.
- Monitors team members' adherence to the Bank's Information Security Program through clean desk audits, phishing testing, and other testing outlined in the Information Security Testing Program.
- Researches, implements, and maintains an information security framework through ongoing compliance monitoring of the framework.
- Develops and coordinates information security training for customers through the Bank's statements and social media platforms.
- Assists with the Bank's responses to potential cybercrime activity and data breaches according to the Bank's Incident Response Policy.
- Assists customers with recovering from fraudulent transactions by identifying the recovery steps necessary based on the transaction type and coordinating the follow-up with other departments as needed.
- Completes or participates in the preparation of risk assessments that are performed for new critical technologies, applications, or devices that are implemented, revised, and/or installed.
- Works with Information Services and system administrators to select appropriate technology vendors that support regulatory and best practice requirements, and researches information security tools.
- Enforces the Bank's record retention program for electronic documents and classifies these records in accordance with the Bank's Classification of Information Policy.
- Supports the Risk Management Department with risk management related tasks as required.
- Performs all duties consistent with applicable Federal and State laws and regulations as well as Bank policies.
- Performs other related duties as assigned.
- Exceeds customer expectations by following the guidelines outlined in the Customer Experience Program.

This position is hybrid once you have assimilated into the team (1 day onsite per week).

Requirements:

- Five or more years' experience in the information security field, preferably in the banking industry; and
- Bachelor's degree (B.A.) with a focus on business and/or technology; or
- Equivalent combination of education and experience.
- Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and/or Certified Information Security Manager (CISM) designation(s) are preferred, but not required.
Created: 2024-11-05