Information Security Analyst (Leading Bank)

Miami Lakes, FL

Posted: 11/21/2018
Employment Type: Direct Hire
Job Category: Information Security
Job Number: 86
Job Description and Synthesis
This position has primary responsibility for the execution of the Company's information security program. Areas of focus are Information Security (IS) policy review and compliance, designing and testing IS controls, risk assessments and reporting, third party information security due diligence and IS project management.

Specific Responsibilities
Governance
  • Create and maintain IS policies and standards based on knowledge of best practices and compliance requirements.
  • Collaborate with Information Technology management, Internal Audit, Legal, Corporate Security, and other stakeholders in creating policies and standards.
  • Oversee the annual review of policies and standards.
  • Maintain an appropriate internet home page for all policies and standards.
  • Maintain governance over IS policies, standards, and procedures.
  • Set entity-wide IS guidance for updated policies and standards using methods such as email notification, Intranet posting, and the security awareness training program or other methods to ensure understanding and acceptance. 
  • Perform IS due diligence on third party vendors to determine the effectiveness of their controls in protecting the Bank's data.
  • Perform third party on-site visits to assess their current information security posture and practices.
  • Work with the Project Management Office (PMO) to integrate Information Security governance into project planning and execution. Include IS subject matter experts (SME) in the PMO process as necessary.
  • Assist with developing internal IS reports for senior management as required.
  • Perform IS Control & Compliance and Risk Assessment activities as required by management.
  • Perform additional duties, as assigned.
Controls & Compliance
  • Work with client business unit management on IS control descriptions and evaluations.
  • Execute quarterly IS validation testing of IS and IT Sarbanes Oxley controls.
  • Test controls identified on risk assessments but not tested by other internal parties.
  • Work with control owners to ensure control accuracy and remediate any issues related to control exceptions.
  • Communicate identified control deficiencies to management, both orally and in writing. 
  • Evaluate the design and operational effectiveness of IS controls.
  • Reengineer IS control environment to comply with updated policies and standards as required.
  • Work with IT and business owners to perform recertification of user access rights to specific applications. 
  • Interface between IS, IT Audit and regulatory personnel including coordinating the gathering of artifact requests from internal and external auditors to support the respective IS/IT related audits.
  • Respond to audit advisories.
  • Manage and track outstanding IS/IT remediation items in the Enterprise Risk Management system to ensure timely completion.
  • Perform IS Governance and Risk Assessment activities as required by management.
  • Perform additional duties, as assigned.
Risk Assessment
  • Conduct IS risk assessments to ensure compliance with corporate security policies, regulatory requirements and adherence to best practices.
  • Assist in conducting security risk assessments for new and existing systems, applications and programs to identify weaknesses or security exposures and prescribe solutions to mitigate the risks related to those weaknesses and exposures.
  • Perform reviews and security assessments of areas such as operating systems, database management systems, firewalls, intrusion detection systems, and web based applications.
  • Responsible for IS risk management activities, including providing guidance for projects.
  • Participate in key IT initiatives providing subject matter expertise on IS risk and compliance.
  • Coordinate testing of controls identified on risk assessments but not tested by other internal parties with IS Controls & Compliance personnel.
  • Assist with developing internal IS risk management reports for senior management as required.
  • Perform IS Governance and Control & Compliance activities as required by management.
  • Perform additional duties, as assigned.
Key Requirements
  • Fundamental understanding of relational and non-relational databases, IS testing practices, and data validation.
  • Experience working with internal and external auditors.
  • Experience working in the finance industry dealing with sensitive data preferred.
  • Working collaboratively and independently.
  • Detail oriented with strong organizational and prioritization skills.
  • Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with different levels of staff and management.
  • Self-motivator, with a willingness to develop and present ideas and suggestions for the creation of new processes and/or to improve existing processes.
  • Perform multiple projects simultaneously.
  • Working knowledge of Microsoft Word, Excel, PowerPoint, and Visio.
  • Working knowledge of Microsoft Project a plus.
  • Bachelor's degree or higher in Information Systems or a related field, and/or equivalent combination of work experience.
  • At least four (4) years IS experience in 2 or more of the following areas: Internet security, application security, security design and implementation, recertification of user rights, IS/IT auditing, IS/IT policy development, third party IS due diligence, risk assessments, federal regulatory compliance for information protection and information security architecture.
  • Working knowledge of one (1) or more of the following frameworks: ISO, COBIT, NIST.
  • Working knowledge of regulatory compliance initiatives related to Sarbanes Oxley, the Gramm-Leach-Bliley Act and FFIEC.
  • Firm grasp of the design and implementation of effective IS controls.
  • Ability to drive a project to completion with minimal oversight.
information security, cybersecurity

Katherine Anderson
