The Information Security analyst will be responsible for cyber governance, including program, policy and control standards development and implementation, to safeguard the bank’s technological assets. The analyst will also design and assess proper protection for all of the bank’s digital assets, which is paramount to protecting the proprietary and confidential information used in everyday processes. The analyst will continuously monitor, track and update system controls as required, monitor all systems for violations of bank security policy, and take necessary remedial actions to stop and prevent further violations.
The Information Security analyst is responsible for implementing cyber control assessment and for monitoring and tracking it through its compliance cycle.
- Design, develop and implement information security program, policy and standards for the Bank.
- Work under ISO’s supervision to define and implement information security roadmap and strategy.
- Design, develop and implement cyber security assessment and control validation reviews.
- Monitor and track all non-compliance issues and gaps to information security policy and standards.
- Review and maintain access control processes such as access re-certification, revocation etc.
- Provide training and awareness to end users on cyber security related topics.
- Provide periodic reporting to ISO and management on information security issues and gaps.
- Interface with internal, external and third-party contacts.
- Partner with risk management and internal audit on enterprise level issues and provide cyber SME services.
- Perform all functions as assigned by ISO.
- Provide high quality work by ensuring accuracy and seeking to continuously improve Information Security processes by embracing new and better ways of doing things.
- Bachelor’s degree or equivalent.
- Three or more years’ hands-on experience in cyber governance & cyber risk management related work.
- Good knowledge of NIST 800-53, ISO 27001, CIS critical controls, FFIEC handbook.
- Ability to perform cyber risk assessments at the perimeter, network, host and application domain level.
- Working knowledge of GRC tools and of the risk acceptance, policy exception and issue tracking process.
- Good understanding and knowledge of IP network, Microsoft Windows, Linux, UNIX and database security.
- Working knowledge of access control (IAM) processes and tools.
- Able to develop and maintain cyber security policies and standards in accordance with regulatory requirements.
- Able to provide end user security awareness training and phishing exercises.
- Security+, CEH, CISA type certifications would be a plus.
- Able to demonstrate clear communication and excellent writing and presentation skills.