Information Security Analyst II

Job Description

The Information Security Analyst II is responsible for safeguarding the bank's sensitive data, systems, and customer information from cyber threats. The Information Security Analyst II will monitor and respond to security incidents, perform risk assessments, support audits and the implementation and management of security policies and controls to ensure compliance with industry regulations. This position requires a proactive problem‑solver with solid technical skills and an understanding of cybersecurity best practices in a banking environment.

• Security Monitoring & Incident Response:
  Investigate security incidents, document findings, and assist in developing incident response plans to minimize impact and prevent recurrence.
• Risk Assessments:
  Conduct periodic risk assessments and recommend mitigation strategies to ensure that the bank's information systems are protected against evolving cyber threats.
• Policy & Compliance:
  Assist in the development and enforcement of security policies, procedures, and controls to meet industry best practices and regulatory requirements (e.g., PCI DSS, GLBA, SOX, FFIEC).
• Threat Intelligence:
  Stay updated on emerging threats, vulnerabilities, and security trends. Collaborate with other departments to proactively enhance the bank's security posture and strategies.
• Audits:
  Conduct periodic audits of security controls and assist with internal and external audit requests as needed. Coordinate vulnerability remediation efforts and track progress.
• Reporting & Documentation:
  Document security incidents, assessments, and activities. Assist in the creation of regular reports for management on the status of the bank's security posture.
• Security Awareness & Training:
  Support and participate in security awareness training programs for bank employees to promote safe computing practices and a culture of security awareness.
• Collaboration:
  
  Work closely with IT, compliance, and other departments to resolve security issues, implement security controls, and ensure that security measures are embedded into all areas of the bank's operations.

This position has no supervisory responsibilities.

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Technical proficiency in security‑related hardware and software; ability to function as a consultant to other IT groups on security matters.
• Knowledge of security controls for servers, workstations, network routers, and firewalls.
• Knowledge of security and internal control frameworks such as ISO 27001, NIST 800‑53, COBIT, and COSO.
• Experience with implementation and management of compliance requirements such as PCI and SOX.
• Understanding and familiarity with audit requirements and process.

Bachelor's degree (B.

A.) from a four‑year college or university, preferably in Cybersecurity, Information Technology, Computer Science, or a related field.

• Experience:
  
  3–5 years in information security or related IT role, preferably in a financial services or banking environment.
• Certifications (Preferred): CISSP, CISM, CISA, CEH, CompTIA Security+, GSEC, or similar.

Frequent standing; walking; sitting; use of hands for handling, talking, hearing; occasional reaching, climbing, balancing; occasional stooping, kneeling, crouching, crawling; lifting 10 to 25 pounds frequently, occasionally up to 50 pounds; vision needed for close focus.

The noise level in the work environment is usually moderate.

Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, pregnancy, genetic information, disability, status as a protected veteran, or any other protected category under applicable federal, state, and local laws.