Do you enjoy working on the governance side of Information Security; specifically, governing documents, security incident response planning and exercises, risk assessments, and vendor security risk reviews? Then apply now to the Bank’s Information Security Analyst II role. This role will provide security guidance to project teams delivering business solutions, perform risk assessments of technology-related vendors, and consult on multiple projects simultaneously. Additional duties include security program maintenance and improvement.
•Maintain policy/procedures/standards, provide security incident response planning and exercises, security risk assessments, and vendor security risk reviews.
•Monitor, analyze and report on the security of information systems.
•Provide specialized security training to technology teams.
•Collaborate with IT and business units to produce customer friendly procedures.
•Provide excellent security services to Bank business units.
•Advise and assist with operational security and response to information security incidents.
•Collaborate with the Legal department to conduct vendor assessments according to procedures.
•Provide information security requirement input in support of project initiatives.
•Research technologies and methods that better utilize existing technology.
•Create, develop, implement and maintain security standards, procedures, and guidelines to mitigate risk in the Bank’s information security posture (internal/external).
•Assist with information security strategies and organizational governance. Communicate security strategies and framework to staff, partners, and other stakeholders.
•Promote security awareness through Bank-wide communication of policies and security threats.
•Monitor departmental internal controls and regulatory issues.
•Bachelor of Science in Management Information Systems or related field; prefer Master’s degree in information assurance or related field
•Minimum 5-8 years of experience as an information security analyst, specialist or consultant
•Experience providing and validating security requirements related to network and operating system security
•CISSP, CISM, or similar security certification is highly desirable