Senior Information Security Analyst II

Responsibilities include administration of systems utilized for collection/correlation of application and server logs as well as systems used for change management. Assists with the development of Information Security policies and frameworks in accordance to compliance requirements, FFIEC Cybersecurity Standards (as defined in the CAT), ISO 27001, NIST 800-37, and other best practices. Identifies and evaluates new security related technologies and provides recommendations to management. Investigate and document potential cybersecurity incidents. Other responsibilities include development and training of support staff, enforcement of corporate policies and procedures, development of procedures as needed. Participate on project teams as assigned, server as project manager/lead within IT security projects.

Works closely with other departments to implement and maintain security controls and technologies. As a member of the Information Security Risk Committee will meet regularly with other departments to discuss the current risk landscape, changes to security controls, and the security posture of the corporation. Works regularly with auditors and regulators to communicate established security controls and processes and provide evidence that controls are in place and executing.

Coordinates testing of security controls and remediation of identified weaknesses. Performs information security assessments associated with third party due diligence processes.

Strong understanding of network architectures, network security devices such as firewalls, application security controls, Microsoft Azure, DLP solutions, SIEM technologies, and MS Defender security products required. Understanding of cybersecurity risks and threats required. Excellent oral and written communications skills required. Minimum of 10 years’ experience in Information Security required. Previous management experience a plus. Project management experience a plus. Candidate must have the ability to operate effectively in crisis or emergency situations and demonstrate strong problem solving skills. Degree or certifications in Information Security related studies preferred (CISSP, CEH, GIAC, Comp TIA Security, etc.).

Position may require non-traditional working hours to support projects. Provides 7x24 on call support as necessary.

Essential Job Responsibilities____________________________________

1. Responsible for administration of systems utilized for collection/correlation of application and server logs as well as systems used to monitor change on internal devices.
2. Review of firewall, IDS, & VPN logs, analysis of windows audit and security logs, and examination of security logs relating to business critical applications.
3. Perform backup management responsibilities as assigned.
4. Act as a mentor for Information Security staff
5. Participate on project teams as assigned including the development and management of project components and project management for higher risk, complex projects.
6. Performs regular reviews and supports enforcement of corporate security policies
7. Develops and maintains Information Security controls, processes, and technologies
8. Coordinates testing of security controls and remediation tasks
9. Develops and supports cybersecurity incident response plans
10. Works closely with other departments to implement and maintain security controls

Expectations ________________________________________________

Bona Fide Occupational Qualifications_____________________________

1. Strong understanding of network architectures, network security devices such as firewalls, application security controls, Windows operating systems, DLP solutions, SIEM technologies, and Active Directory required.
2. Understanding of cybersecurity risks and threats required
3. Excellent oral and written communications skills required
4. Minimum of 10 years’ experience in IT required
5. Previous management experience preferred
6. Project management experience a plus
7. Degree or certifications in Information Security related studies required (CISSP, CEH, GIAC, Comp TIA Security, etc.)