Information Security Analyst

Company: International Bank
Location: New York City, New York, United States
Salary: $130k-140k+ BONUS
Posted: December 04, 2018

Description:

Senior Information Security Analyst

The IS Office works to protect the Bank's informational and technology assets from internal and external threats by: assessing, monitoring, and responding to risk in the environment; defining and implementing appropriate policies and standards; empowering users with training and tools to detect and report threats; and working with AITD to implement technology-based controls and protections.

Summary

Report directly to the CISO and contribute to and support the firm's Information Security and IT Risk Management program. The position is in the Second Line of Defense and interfaces with various levels of IT and business personnel, monitoring critical security functions, evaluating key IT processes, and advising on best practices and approaches.

PRINCIPAL DUTIES AND RESPONSIBILITIES

Support the development of a comprehensive set of information security policies and standards

Work with business and IT personnel during system and business development efforts to ensure the confidentiality, integrity, and availability of data.

Conduct reviews to determine level of compliance with Information Security Policies and Standards

Review and determine the effectiveness of procedures and practices to secure sensitive data and ensure information security and compliance with firm policy, standards, and relevant regulations

Participate in efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls

Aggregate material cybersecurity risks and maintain a cybersecurity risk library

Receive and analyze threat intelligence information and maintain a threat library

Security Monitoring:

Perform reviews of applications and information security related processes to determine adherence to information security policy and standards.

Monitor the completion of various IT Security activities to ensure compliance with firm policy and standards

Monitor information security Key Risk Indicators and thresholds. Challenge results and determine the need for additional controls when necessary. Develop additional KRIs as needed

Research and recommend additional applicable information security and technology metrics

Stay abreast of information security and information technology issues, threats, and regulatory changes affecting the organization, and perform research as needed

Monitor information technology and information security related audits including scope of audits, issue finding, and disposition of issues

Work with auditors and regulators as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light

Provide guidance, evaluation and advocacy on audit responses

Examine the impact of new technologies on the Bank's overall information security program

Establish processes to review implementation of new technologies to ensure security compliance.

Conduct regular status meetings with IT Security and IT Management personnel

Participate in and contribute to security incident response efforts

Qualifications

Strong understanding of key risk identification and key risk indicator development

Solid knowledge of information security tools and techniques, including, but not limited to: data leakage prevention, incident response, and malware detection and prevention

Financial Services/Banking experience is required

CISSP, CRISC, CISA, CEH certifications a plus

Solid knowledge of several information security and technology frameworks including: FFIEC, ISO, NIST

Degree in Computer Systems preferred