Sr Information Security GRC Analyst-Sugar Land, Lubbock & Dallas
Job description
POSITION PURPOSE
Will ensure that the security and compliance of bank systems and processes are in line with federal and state banking regulations and other cybersecurity best practices. Will also work closely with information technology, legal, vendor management, and business process owners.
ESSENTIAL FUNCTIONS AND BASIC DUTIES
- Perform risk analysis for systems, processes, third-party tools/applications, configurations, and threat intelligence. This includes deliverables to management using a standardized risk management process and devising mitigations to lower risk levels as part of the analysis.
- Knowledge of information security aspects of both in-house and cloud systems.
- Experience with information security controls review and monitoring.
- Provide reviews, updates, and feedback on security policies and processes.
- Participate in reviews of Bank systems against compliance regulations and frameworks including the Federal Deposit Insurance Corporation (FDIC)/Federal Financial Institutions Examination Council (FFIEC) Safeguards Rule, the National Institute of Standards and Technology (NIST) Cybersecurity Framework (and by extension NIST Special Publications 800-53), Payment Card Industry - Data Security Standard (PCI-DSS), and the Center for Internet Security (CIS) controls.
- Evaluate cybersecurity tools and applications.
- Stay current with new technologies and best practices relative to security/privacy discipline as well as applicable federal, state, industry, and regulatory compliance. Stay involved in various external professional organizations as appropriate.
- Experience in Python, PowerShell, or Microsoft's Power Platform tools such as Power Automate, Power Apps, or Power BI is highly desired to automate manual processes.
- Ability to troubleshoot problems, be proactive, and keep an open mind toward unconventional solutions.
- Be familiar with the technical side of information security, but also consider legal and regulatory compliance aspects.
The above statements describe the general nature and level of work only. They are not an exhaustive list of all required responsibilities, duties, and skills. Other duties may be added, or this job description amended at any time.
QUALIFICATIONS
Education/Certification:
- Bachelor’s degree in cyber security, computer science or relevant work experience.
Required Knowledge:
- Knowledge of Windows and Unix/Linux system administration and architecture.
Experience Required:
- 5+ years’ experience in information security or risk management
- Real world experience using security tools such as vulnerability scanners, firewalls, GRC tools, intrusion detection/prevention (IDP/IPS), and security information and event management (SIEM) applications.
Skills/Abilities:
- Ability to research, analyze and resolve complex problems with minimal supervision and escalate issues as appropriate.
- Solid understanding of security protocols, cryptography, authentication, authorization, and security
- Strong analytical skills.
- Understanding of TCP/IP networking including knowledge of protocols and services
- Security Certifications (e.g., Security+, CISSP, CRISC, CISA, CTPRA, CTPRP, CCSP, SANS)
- Banking or Financial services industry highly preferred.
Monday-Friday: 8:00am-5:00pm
40 hours a week