Application Security Analyst On Site

Position Function:

The Application Security Analyst plays a critical role in identifying, assessing, and mitigating security vulnerabilities associated with the bank’s application portfolio, which includes developing and enhancing processes, policies/standards/procedures, and reporting to ensure risks are appropriately minimized. This includes Core banking, on-premises, and SaaS applications. A general understanding of security frameworks, risk management, and compliance standards is desired. The position requires working closely with departments across the bank and bank vendors to ensure applications are secure and compliant with relevant standards and regulations to help safeguard sensitive financial data, maintain regulatory compliance, and ensure embedded security. 

The ideal candidate will have experience in technology, information security, securing applications, APIs, etc. They will work closely with the business and project teams advocating security requirements to ensure applications and related security practices align with policies, standards, and best practices, while ensuring the security architecture and practices do not infringe on the needs of the business.

They will be responsible for:

• Maintaining and operationalizing information security risk management processes that are clear and understandable, workable, up-to-date, and reflect regulatory and CPB-specific requirements and issues. 
• Assisting in communicating such processes throughout the business, including holding training sessions where appropriate. 
• Assisting with the planning, coordinating, implementation, and management of security measures that proactively manage risks to computer systems and data, to prevent unauthorized modification, destruction, or disclosure of information, including outsider service providers. 
• Analyzing and appraising new products and/or systems for security weaknesses and provide measures to prevent exposure and loss.

Performs all duties and interacts with internal and external customers in a manner that is expressly aligned with the Company's Core Values of approaching all actions with a “Voyaging Spirit” and being “Positively Ohana”. Exhibits core competencies that result in consistent delivery of positive Customer Interactions, Empowerment and Ownership and demonstrates key professional and performance skills such as Active Listening, effective Oral and Written Communication, Action and Solution Oriented and Thoroughness.

Primary Accountabilities:

Maintaining the bank’s application security program, which consists of conducting security assessments on systems, application design, and infrastructure to ensure appropriate security controls and best practices are adhered to as part of the overall risk management practice of the organization to include, but not limited to:

• Serving as application security Subject Matter Expert for enterprise projects during development phases providing security consulting and validating implementation of approved security requirements, including security reference architectures, for security best practices, and recommending changes to enhance security and reduce risk.
• Performing ongoing risk-based reviews of applications to identify security flaws or other issues impacting the confidentiality, integrity or availability and ensures tracking until remediation.
• Conducting or facilitating threat modeling of services and applications that tie to the risk and data associated with the application or service.

Performing operational security duties to include, but not limited to:

• Development, maintenance, administration, and monitoring of application security platforms, tools, and processes.
• Conducting incident response exercises with colleagues throughout the organization and incorporates lessons-learned into existing security architectures and practices. 
• Conducting forensic analysis of security-related incidents in a manner consistent with best practices and guidance from the organization’s counsel, human resources, or law enforcement.

Other departmental duties and functions including, but not limited to:

• Performing risk analyses pertaining to the security needs of the bank and prepares recommendations based on risk/exposure versus cost. Prepares and presents research findings in written and/or oral form. Presents objectives, alternatives, risk analyses, and cost/benefit analyses.
• Assists with the planning and directing of information security activities of the bank to ensure compliance with internal/external audits, and to federal and State regulations, which include FDIC, relevant sections of the Gramm-Leach-Bliley Act (GLBA), and Sarbanes-Oxley Act Section 404 provisions, and other duties to be assigned.
• Identifies opportunities for incorporating tools or processes to facilitate efficiencies or process improvements.
• Maintains an outward-facing and forward-looking view to provide solutions to ensure that the bank’s Information Security Program is current and relevant. 
• Designs, implements, and manages Information Security data identification, aggregation, analytics, and validation to meet department goals.

Collaborate in maintaining application security documentation (policies, standards, procedures, templates, etc.) that may be applied towards security governance in projects and operations:

• Initiate and execute on process improvements, policy/procedure updates, etc.
• Tracking developments and changes in the digital banking and threat environments to ensure they are adequately addressed in security strategy plans. 
• Documenting data flows of sensitive information within the organization (e.g., PII or ePHI) and recommends controls to ensure this data is adequately secured (e.g., encryption, tokenization, etc.).

Awareness and Training

• Training other staff on policies and standards related to application security and identity management best practices, and also training staff on methodologies in conducting risk assessments related to this area.
• Remain updated on latest security threats and trends, providing interim reporting.

Minimum Qualifications:

Education:

• High School Diploma or GED equivalency required.
• Bachelor’s Degree from an accredited 4-year university in any discipline (preferably in the fields of Information Security, MIS, Computer Science, or a related discipline) preferred.

Experience:

• 6 years of experience and working knowledge in information security, application security, fraud management, and regulations and privacy laws pertaining to release of information, and security and access control technologies, or equivalent experience required (A relevant Bachelor’s degree may substitute for 2 years of experience).
• 1 years of data processing or analytics and related technical experience preferred.

Physical Requirements & Working Conditions:

• Must be able to perform light physical work and to move or lift items including but not limited to boxes, files and papers up to 20 pounds unless otherwise as indicated.
• Must be able to operate and proficiently use standard office equipment, including phone, copier, personal computer and/or other work related mechanical or electronic devices and applications.
• Must be able to clearly communicate verbally and in writing with all internal and external customers. Must also be able to hear sufficiently to engage in daily discussions and interactions.
• Must be able to read and understand bank-related documents. 
• Must be able to work in a conventional office setting, involving sitting at a desk or workstation for long periods of time.   Must also be able to adapt to different work environments as needed to perform the job.

We are proud to be an EEO/AA employer M/F/D/V. We maintain a drug-free workplace and perform pre-employment substance abuse testing.