What are the responsibilities and job description for the Information Security Analyst II position at Bank of the Sierra?
Job Summary
Under the guidance of the Sr. Information Security Officer (ISO), the Information Security Analyst II will assist with the ongoing development and monitoring of the Bank’s Information Security Program (ISP). The Analyst is responsible for monthly phishing campaigns, the annual info sec training program, second line testing of IT and information security controls managed by the first line, policies and procedures, and updates to the IT/IS risk assessment. Additionally, the Information Security Analyst II will assist the ISO in communicating with and guiding employees with ongoing risk analysis and reporting.
Essential Duties And Responsibilities
- Recommend updates to the Information Security Program (ISP) and procedural documents to ensure they remain current and reflect current regulatory guidance and best practices.
- Assist with the ongoing maintenance of the Business Continuity Management and Disaster Recovery program, including testing, business impact analysis, call tree, notification systems, and other supplemental program documentation.
- Continuously monitor physical and logical security controls and assess their effectiveness through second-line testing. Testing will include data collection and analytics.
- Work closely with the IT team and other stakeholders to understand technical aspects and implement effective security controls and testing programs.
- Create and manage internal employee education and testing programs (e.g., security bulletins, monthly phishing campaigns, semi-annual password audits, quarterly training assignments), including any required follow-up, to help foster a security-conscious culture within the Bank.
- Track IT, InfoSec, Physical Security, and Privacy Incidents & Issues (I&I), ensuring the first line completes remediation activities in a timely and effective manner, which includes performing validation of remediation actions.
- Assist in preparing quarterly I&Is, KRIs, and other risk analysis and trend reports for Management and Board Risk Committees.
- Assist with the coordination and preparation of annual updates to R-SAT and CRI profiles.
- Assist with coordination and preparation of examination and/or audit materials.
- Create and maintain key process documentation to ensure processes and procedures supporting the ISP are accurate, properly documented, and conducted efficiently and effectively.
- Remain current on all applicable federal and state laws and regulations and relevant regulatory guidance.
- Exercise awareness with regard to possible suspicious activity, money laundering, or fraudulent behavior.
- All other duties as assigned.
To perform this job successfully, an individual must be able to perform each essential duty efficiently and effectively. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
EDUCATION AND/OR EXPERIENCE
- Bachelor’s degree (B.A.) from a four-year college or university, preferably related to IT and/or Information Security; and five years of related experience and/or training; or equivalent combination of education and experience.
- Information Security, cybersecurity or IT certifications, such as CISSP or CISA, strongly preferred.
- Current knowledge of applicable federal and state regulations, including FFIEC regulatory guidance and security frameworks such as NIST and SANS.
- Working knowledge of banking operations.
- Strong analytical, problem-solving, and critical thinking skills.
- Ability to communicate at all levels.
- Strong verbal and written communication skills.
- Detail-oriented with the ability to manage multiple tasks and prioritize work in a fast-paced environment.
- Proficient in Excel, Word, and PowerPoint.
- Current knowledge of applicable federal and state laws and regulations.
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions. While performing the duties of this job, the employee is regularly required to sit. The employee frequently is required to talk or hear. The employee is occasionally required to stand, walk, and reach with hands and arms. The employee must occasionally lift and/or move up to 10 pounds. Specific vision abilities required by this job include close vision and the ability to adjust focus.
WORK ENVIRONMENT:
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions. The noise level in the work environment is usually very quiet.
Bank of the Sierra is proud to be an equal opportunity workplace and is an affirmative action employer committed to equal employment opportunities regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.