The Information Security analyst will be responsible for cyber governance, including program, policy, and control standards development and implementation, to safeguard the bank's technological assets. The Information Security analyst will also design and assess proper protection for all of the bank's digital assets, which is paramount to protecting the proprietary and confidential information used in everyday processes. The Information Security analyst will continuously monitor, track and update the systems controls as required, monitor all systems for violations of bank security policy, and take necessary remedial actions to stop and prevent further violations.
The Information Security analyst is responsible for implementing cyber control assessment and monitoring, and tracking it through its compliance cycle.
JOB FUNCTIONS/DUTIES AND RESPONSIBILITIES
Design, develop and implement information security program, policy and standards for the Bank.
Work under ISO's supervision to define and implement information security roadmap and strategy.
Design, develop and implement cyber security assessment and control validation reviews.
Monitor and track all non-compliance issues and gaps to information security policy and standards.
Review and maintain access control processes such as access re-certification, revocation etc.
Provides training and awareness to end users on cyber security related topics.
Provides periodic reporting to ISO and management on information security issues and gaps.
Interfaces with internal, external and third-party contacts.
Partner with risk management and internal audit on enterprise level issues and provide cyber SME services.
Performs all functions as assigned by ISO.
Provide high quality work by ensuring accuracy and seeking to continuously improve Information Security processes by embracing new and better ways of doing things.
Bachelor's degree or equivalent.
Three or more years' hands-on experience in cyber governance & cyber risk management related work.
Good knowledge of NIST 800-53, ISO 27001, CIS critical controls, FFIEC handbook.
Ability to perform cyber risk assessments at the perimeter, network, host and application domain levels.
Working knowledge of GRC tools and of risk acceptance, policy exception and issue tracking processes.
Good understanding and knowledge of IP network, Microsoft Windows, Linux, UNIX and database security.
Working knowledge of access control (IAM) processes and tools.
Able to develop and maintain cyber security policies and standards in accordance with regulatory requirements.
Able to provide end user security awareness training and phishing exercises.
Security+, CEH, CISA type certifications would be a plus.
Able to demonstrate clear communication and excellent writing and presentation skills.
Job ID: BBBH13602