Senior Information Security Analyst

OVERVIEW:

The Sr. Information Security Analyst is a member of the Information Security Team and is responsible for assisting with the strategic development, implementation, and management of the Bank’s Information/Cyber Security Program, Risk Management Program, and assisting the Chief Information Security Officer (CISO) in other areas, as needed. The Sr. Information Security Analyst acts as a key resource to Bank management/personnel in the risk management areas and must effectively interact with all levels of management and provide consultative advice as it relates to Bank policies, applicable laws/regulations and related risks.  The Sr. Information Security Analyst reports directly to the VP, Team Lead and assists in carrying out the collective responsibilities of the Information Security Department.

PRIMARY ACCOUNTABILITIES / RESPONSIBILITIES:

The Sr. Information Security Analyst performs all functions necessary, within scope of authority and expertise, to provide the highest level of service and responsiveness to colleagues and customers and the communities in which the Bank serves.

• Responsible for analyzing information security systems and applications and recommends security measures to protect information against unauthorized modification or loss.
• Responsible for ongoing monitoring of key security programs within the Bank; Vulnerability and Patch Management Programs and End-Point Protection.
• Member of the Incident Response Team – investigate cybersecurity events or crimes related to information technology systems, networks, and digital evidence. Leveraging security tools and security partners. Able to communicate threat impact to the Bank via threat or risk assessment.
• Responsible for ongoing monitoring of cyber intelligence sources and security tools.
• Performing ongoing key control testing ensuring control effectiveness.
• Assist the team with the overall compliance of critical GLBA programs.
• Information/Cyber Security Program – Assists with managing the Bank’s Information Security program.
• Responsible for obtaining and maintaining proficient knowledge of federal and state laws and regulations applicable to the Bank in the areas of vendor and third-party management, risk management, business continuity planning, and other areas of responsibility. Obtains and maintains knowledge of Bank services, policies, and procedures.
• Research and Consultation - Research regulatory, methodology and best practices questions and provides opinions and recommendations based upon research.   Provides guidance and direction to business areas, as needed. Also responsible for making related recommendations for policy and procedural changes, as appropriate.
• Risk Assessments – Activities may include coordinating or conducting risk assessments, or sections thereof, reviewing risk assessment documentation and conclusions, tracking, and monitoring risk assessment activities, and developing, implementing, and tracking action items relating to completed risk assessments. Ability to effectively identify and assess compliance, legal and reputational risks and recommend appropriate risk mitigating actions.
• Assist with Corporate Security Awareness Program.
• Participate in changing control processes to ensure changes meet security requirements.
• Keeps abreast of compliance, industry, and best practices activities through attendance at professional association meetings, seminars, and workshops, as appropriate, as well as through reading publications and newsletters.
• Represents the Bank through participation in various community and industry related activities. Actively promotes interest in the Bank whenever and wherever possible.
• Performs other duties as assigned.
• This role may require off-hour and weekend work as needed.

POSITION REQUIREMENTS :

• Bachelor’s degree or its equivalent in specialized course work and training.
• Five years’ practical information security experience.
• Information security certifications preferred, Certified Information Security Auditor (CISA), CISSP or similar industry certifications, but not mandatory.
• Preferred knowledge of banking laws and regulations.
• Exposure to bank related operations and products a plus.
• Strong analytical and decision-making skills. The ability to conduct effective research/analysis and clearly document supported conclusions/opinions. Ability to independently conduct Risk Assessments. Excellent communication, interpersonal, and organizational skills. Must be able to multitask, act independently and make decisions. Strong PC skills. Microsoft SharePoint a plus.
• Experience with cloud security.
• Experience with Incident Response and cyber related investigations.
• Experience with network security design, implementation, and support of an enterprise environment, preferably a banking environment.
• Knowledge of compliance and regulatory program requirements, such as GLBA, PCI, MA201.CMR.17, and various FFIEC Guidelines.
• Knowledge of the CIS-CSC controls, NIST Cybersecurity Framework and Cybersecurity Assessment Tool.
• Demonstrated project management skills and ability to track and report progress against established milestones, metrics, and deliverables.
• Ability to define problems, collect data, establish facts, and draw valid conclusions.

Solid understanding of these key security control areas:

• Risk Management
• Cloud Security
• Application Security and API’s
• Endpoint Protection Systems
• Intrusion Prevention Systems
• Vulnerability Management
• SIEM
• Penetration Testing
• Patch Management
• System and Network Security Hardening
• Data Loss Prevention
• Multi-factor authentication
• Control testing
• Privileged Account Monitoring

SUPERVISORY SCOPE:

None directly.

INDEPENDENT ACTION:

Performs work independently within scope of established guidelines and practices. Consults with manager where clarification or exception to Bank policy may be required. Is able to take initiative and manage projects and program elements.

QUALIFICATIONS:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed above are representative of the knowledge, skill, and/or ability required. Any physical demands or work conditions described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

BANKNEWPORT CORE VALUES:

• We celebrate
• We empower employees to be creative problem solvers.
• We invest and take the time to really get to know our customers.
• We commit to serving the financial needs of Rhode Islander’s

Any physical demands or work conditions described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

OceanPoint and BankNewport are committed to a policy of Equal Employment Opportunity and will not discriminate against an applicant or employee on the basis of race, color, religion, creed, national origin or ancestry, sex, age, physical or mental disability, veteran or military status, genetic information, sexual orientation, gender identity or expression, pregnancy, childbirth or related medical conditions, military service, marital status, or any other legally recognized protected basis under federal, state or local laws, regulations or ordinances.