Information Security Analyst

OceanFirst Financial Corp

Red Bank, NJ

JOB DETAILS
SKILLS
Access Control, Artificial Intelligence (AI), Automation, Banking Services, Best Practices, Business Banking, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Change Management, Cloud Computing, Communication Skills, Computer Forensics, Computer Security, Data Analysis, Data Quality, Disaster Recovery, Endpoint Security, Enterprise Protection, Establish Priorities, Financial Services, Firewalls, GIAC - Global Information Assurance Certification, Identity Data Management, Incident Response, Information Technology & Information Systems, Information/Data Security (InfoSec), Interpersonal Skills, Intrusion Detection Systems, Intrusion Prevention Systems, Maintain Compliance, Network Access Control (NAC), Network Security, Operations Management, Presentation/Verbal Skills, Process Improvement, Quality Assurance Methodology, Reporting Dashboards, Risk, Security Analysis, Security Attacks, Security Compliance, Security Information and Event Management (SIEM), Security Infrastructure, Security Monitoring, Security Protocols, Security Software, Service Delivery, Software Administration, Software Patches, Technical Support, Testing, Time Management, U.S. National Institute of Standards and Technology (NIST), Vendor/Supplier Planning, Vulnerability Scanners, Writing Skills
POSTED
30+ days ago

At OceanFirst Bank, each one of our employees plays an important role in delivering value to our customers and executing daily tasks in accordance with our core values. We recognize that our employees are essential to our success, making OceanFirst a great place to work and do business.

Great benefits include: on-site fitness facility at Red Bank and Toms River headquarter offices, employee perks & discount programs, tuition assistance, incentive compensation program, professional development opportunities, and more! Apply today to #BecomeOceanFirst and make an impact in the local community!

PRIMARY PURPOSE:

In conjunction with the Information Security Operations Manager, develop, implement, and manage an enterprise-wide information security framework to establish IT systems defenses against security vulnerabilities/breaches.

Assist in the creation and maintenance of information security procedures designed for business and technology units to establish and maintain a compliant, risk-focused information security platform. Partner with business and functional units to create and maintain the bank's Business Continuity, Disaster Recovery Plans, and Incident Response Plan. Implement appropriate monitoring and testing to ensure adherence to the bank's information security protocols across the organization.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

  1. Provide timely detection, identification, and alerting of possible attacks, anomalous activities, and misuse activities. Use expertise in security solutions such as SIEM, SOAR, IPS/IDS, Endpoint Security, Network Security, Database Security, Firewalls, Cloud Proxy, Network Access Control and Network Segmentation to identify security risks.

  2. Ensure appropriate systems and controls exist to protect the confidentiality, integrity and availability of data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories.

  3. Execute the deployment, integration and initial configuration of all new and enhanced information security solutions with IT partners in accordance with standard best operating practices and the enterprise's documented information security procedures.

  4. Maintain information security documentation including procedures, processes and guidelines to ensure the organization's information security and compliance with all applicable banking regulations.

  5. Coordinate and document incident reviews to ensure appropriate controls are implemented to prevent or mitigate risks for recurrence of security and continuity incidents and/or data breaches.

  6. Work with IT to maintain the bank's Business Continuity and Disaster Recovery Plans, identify potential information security risks and develop mitigating controls where appropriate.

  7. Maintain ongoing communications with IT peers to ensure enterprise-wide understanding of information security goals, solicit feedback and foster co-operation.

  8. Support the information security activities of the bank's external network sources.

  9. Maintain current knowledge and understanding of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors. Understand the IT threat landscape for the banking and financial services industry.

  10. Help deliver enterprise-wide security awareness training for all employees to ensure consistently high levels of compliance with enterprise security requirements.

  11. Participate actively in Incident Response Plan tabletop exercises.

  12. Create/maintain vulnerability scans, then analyze the data and integrate it into reporting and dashboard creation.

  13. Update security software tools to maintain current versions.

  14. Review and recommend security policies, controls and cyber incident response planning.

  15. Contribute to automation workflows and integration of Artificial Intelligence (AI) and agentic capabilities to increase efficiencies and coverage while reducing detection and remediation timelines.

  16. Approve and oversee identity and access management (IAM) policies and system access control.

  17. Ensure continued compliance with laws and applicable regulations.

  18. Schedule and participate in periodic security assessments.

  19. Choose and recommend security products as necessary.

  20. Coordinate electronic discovery and digital forensic investigations.

  21. Ensure an inventory of technology assets, classified by sensitivity and criticality, is properly maintained.

  22. Review relevant logs for security events.

JOB SPECIFICATIONS:

Knowledge, Skills & Abilities

  • Solid understanding of network and system intrusion and detection methods; examples of related technologies include Next Generation Extended Detection and Response (XDR), Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), Firewalls, Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS), and security testing tactics, techniques and procedures.
  • Experienced with Zero Trust Networking principles and supporting technology.
  • Experienced with Exposure Management and the components that comprise the capability (e.g., vulnerability management, vulnerability intelligence, patch management).
  • Experience with introducing practical AI and automation into a security environment desired.
  • Understanding of information security frameworks, such as MITRE (ATT&CK, ATLAS, D3FEND), Cyber Kill Chain, Insider Threat Matrix, NIST CSF, etc.
  • Industry-recognized infosec certifications such as CompTIA Security+, CEH: Certified Ethical Hacker, GSEC: SANS GIAC Security Essentials, CISSP: Certified Information Systems Security Professional, CISM: Certified Information Security Manager, strongly desired.
  • Proven ability to successfully partner with internal clients and vendors to align strategy with deliverables, identify business challenges and develop alternatives to mitigate.
  • Strong service management and service delivery orientation.
  • Strong written, oral, and interpersonal communication skills.
  • Ability to present ideas in user-friendly language to a variety of constituent audiences.
  • Proven ability to work within a changing environment and lead the implementation of change.
  • Ability to assess the impact or potential impact of change management initiatives of various sizes and degrees of complexities on business financials and performance.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
