Senior Information Security Analyst (Information Risk Governance)

International Bank is seeking a Senior Information Security Analyst who develops and manages information and cyber security related activities and projects. Supports and assists senior management by providing guidance on information and cyber security issues. Effectively works with IT Department on technology risk related matters. Develops ways to improve efficiency, effectiveness, and productivity for the department.

Responsibilities:

  1. Work closely with the Head of the Department and assumes a secondary leadership role of the Department with expertise in developing and managing information and cyber security related activities and projects.
  2. Responsible to effectively work with IT and coordinates any incident response to cyber security events.
  3. Provide support and guidance to IRG (Intelligent Resource Group) staff. May supervise projects and/or work product.
  4. Keeps abreast of industry wide information risk issues that are relevant and could potentially have an impact on Branch Operations.
  5. Acts as an Information Security subject-matter-expert to support and assist with providing guidance to Senior Management on information and cyber security issues.
  6. Reviews and proposes practical changes to potential and existing Information Security policies, procedures, practices, and guidelines to ensure business operations and/or effective compliance to existing federal, state, and local government cyber security regulatory requirements.
  7. Assists in establishing processes for communicating data classification guidelines and its governance.
  8. Revises and maintains information and cyber security policies and procedures manuals.
  9. Coordinates and manages the employee information security awareness training program.
  10. Assesses and evaluates Information Risks by conducting: 1)Annual Risk Assessment 2) Semi-annual Vulnerability Assessments; 3) Special Risk Assessments for new information risk related processes or significant process changes; and, 4) Trend analysis of key information risk measurements.
  11. Coordinate and prepare material for the monthly information security meetings with various Departments and levels of Management. 1) Performs key Information Risk Governance related tasks as described below: 2) Provides user access control management oversight; 3) Monitors, analyzes, and follows-up on Information Risk events/issues; and,4) Reviews information risk and proactively advises as necessary on: IT Projects/Issues Management process, Change Management Process, Significant changes to IT procedures, IT Asset Management Report, Key IT Vendor Contracts, IT Disaster Recovery Plan/Process, Record Retention Process, and Internal or external audit findings.
  12. Develops and maintains Information Risk Key Risk Indicators (KRI).
  13. Periodically updates members of the IT Department  on Information Risk related practices.
  14. Reviews vendor service level agreements and contracts to provide guidance on information and cyber security protective controls and countermeasures.
  15. Performs other duties and responsibilities as assigned by management.

 

Qualifications

  1. Bachelor’s degree in Information Systems or its equivalent with 5+ years of experience in Information Security or IT Audit.
  2. Certification in Information Security (CISSP) required.
  3. An in-depth knowledge and understanding of Information Risk assessment concepts and principles as they relate to risk appetite, risk tolerance, and business risk exposure.
  4. Knowledge of Information Security principles, terminology, and technology.
  5. Knowledge and expertise in Risk Assessment and Risk Analysis.
  6. In-depth knowledge of Information Technology.
  7. Ability to analyze and design Information Security monitoring process.
  8. Excellent computer skills in Microsoft Office including Excel and Word.
  9. Strong interpersonal communication, written documentation, presentation skills, organization, and documentation skills.
  10. Strong project management skills.
  11. Good people management skills, with the ability to develop and guide Information Security team members, preferred.