The Information Security Analyst will report directly to the CISO and contribute to and support the Bank’s information security program. The position collaborates across the bank to evaluate and document information security risk, primarily related to third parties but also to internal Bank environments, especially where the two overlap.
- Lead the third party information security review process for new and existing vendors
- Collaborate with the vendor management officer, CISO, and other subject matter experts on each new third party
- Evaluate information security and technical compliance risk related to third parties
- Identify risks and work with subject matter experts to explore potential solutions
- Build and maintain a logical data flow diagram for each Bank third party and related fourth parties
- Build and maintain logical data flow diagrams that document comprehensive business processes across multiple third parties and the Bank’s internal environment
- Build and maintain an information security focused third party risk score/risk assessment for all identified third parties within the Governance, Risk, Compliance tool
- Recommend, build and/or maintain information security policies, standards and/or procedures that reduce third party risk
- Provide assistance in the incident response process related to cybersecurity events
- Periodically contribute to the evaluation of internal control maturity against best practices and frameworks like the FFIEC Cybersecurity Assessment Tool and Center for Internet Security Top 20
- Stay aware of information security vendors and/or categories of products/services
- As needed for department coverage, provide after-hours phone support for physical security alarm calls and events
Key Skill sets or Knowledge Requirements:
- Strong verbal and written communication skills
- Minimum of five years’ experience within a highly regulated industry
- Experience with risk assessment frameworks like NIST 800-30
- Knowledge of multiple information security frameworks including FFIEC IT Handbooks, FFIEC Cybersecurity Assessment Tool, Center for Internet Security Top 20, ISO 27000
- Experience in reviewing SOC2 and other third party audit reports
Desired Career Experience & Education Requirements:
- Advanced working knowledge of information security controls and limitations
- Experience reviewing third party environments via paper, phone calls and on-site reviews
- Have performed risk assessments on complex technical controls and business structures
- Past exposure to security events as reference points to define potential future risks
- Bachelor’s degree
- CISSP, CISA or related experience
- Advanced degree
Job Functions & Work Environment:
While performing the duties of this position, the employee is required to sit for extended periods of time. Manual dexterity and coordination are required while operating standard office equipment such as computer keyboard and mouse, calculator, telephone, copiers, etc.
The work environment characteristics described here are representative of those an employee may encounter while performing the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position.
Equal Employment Opportunity:
BofI Federal Bank is an equal opportunity employer committed to creating a diverse workforce. We consider all qualified applicants without regard to race, religion, color, sex, gender identity and expression, sexual orientation, national origin, ancestry, citizenship status, uniform service member and veteran status, marital status, pregnancy, age, protected medical condition, genetic information, disability, or any other protected status in accordance with all applicable federal, state and local laws. Candidates must possess authorization to work in the United States.