Senior Information Security Analyst (Assistant Vice President)

Summary :

This is a full-time position for a Senior Information Security Analyst ("Security Analyst ) within the

Information Security team that participates in all aspects of information security.

The Security Analyst shall act as a risk manager with the responsibility for identifying, acting on

and escalating risks and is held strictly accountable for the failure to discharge their information

security duties. The employee shall also be responsible for demonstrating risk awareness by

following all security policies, procedures and internal controls in the daily routine.

Ability to make decisions and influence decisions in the areas of risk management and

compliance are key to the role. The Security Analyst will ensure that policy and compliance

documentation, requirements and controls are properly and timely identified, mapped,

tracked, reviewed, and reported for the organization to increase security posture.

In this role he will work closely with other members of the Security Team and IT Infrastructure

Teams to manage and support security administration tasks and security projects.

Responsibilities :

Experience leading risk assessments, audits, policy, governance, and / or reporting, preferably

in a financial institution

Assist with mapping controls to policies, procedures, and processes and testing of those

controls to ensure adequate coverage

Establish and maintain security manuals

Work with control owners in the remediation and tracking of deficiencies.

Assist with increasing the maturity of the Information Security program, strategy and process.

Provide security services in identifying, assessing, managing, and tracking remediation of

information security risks related to IT infrastructure, applications, platforms and suppliers and

drive explicit requirements and timelines in all environments

Provide update to the CISO and / or CRO on progress of remediation efforts

Qualys :

scanning for vulnerabilities and baseline configuration compliance

monitoring new and existing vulnerabilities and working with IT and users to remediate

Daily, Weekly, Monthly, reporting reviewing results of reports and presenting to IT to

remediate issues

Network monitoring Monitoring assets connected to the network scanning for assets

and reconciling with IT asset inventory

Daily monitoring of system events for malicious activity

Tufin Firewall rule review and approval

AlienVault SIEM System event monitoring and analysis with follow up if issue is detected

Tipping Point IPS Monitoring network for signs of malicious activity or exploitation

Trellix EPO + TMS Daily monitoring of Data Loss Prevention tools

Manage phishing campaigns, create email templates, perform testing, analyze results, and

write report

Spirion Create scans to monitor files containing PII and ensure they are destroyed in

accordance with data retention policy

Privileged Access Management (PAM) and reporting

Chair weekly IT meeting to discuss vulnerabilities, patching, and alarms generated by IS tools

Threat Intelligence Monitor Qualys Threat Protection Feed and CISA emails for relevant

information to protect the network

Work with vendors for troubleshooting and maintenance of IS tools

Education and Experience Requirements :

years managing information security governance, risk, and compliance

Bachelor's degree in information technology or security discipline ( cybersecurity) or

related worked experience

Industry recognized security certifications are a plus but not required ( CISSP, CISA, CISM,

CEH, etc.)

Skills and Knowledge :

Demonstrated knowledge of industry authoritative sources such as NIST Cybersecurity

Framework, SOC and ISO standards, FFIEC framework and NYDFS-Part regulations

Working with GRC applications and toolsets, such as RSA Archer

Proficient in Microsoft Office

Excellent written and verbal communication and presentation skills; Good command of

spoken and written English.

Interpersonal and collaborative skills; and the ability to communicate information risk-related

concepts to technical as well as nontechnical audiences

Skilled at planning, tracking plans, working cross department to review risks, controls and

processes, and gathering and organizing documentation and test results

Self-directed, works with minimal guidance, and recognizes when guidance needed

Ability to cope with pressure and responsibility