Information Security Analyst I- ON SITE- TYLER, TX

Position Title:                        

Information Security Analyst I                                                

FLSA Status:                         

Exempt (17E) 

Reports to:                             

Chief Information Security Officer

Location:

Tyler Technology Center

Benefits:

• Medical, Prescription Drugs, Dental, and Vision Insurance 
• Insurance Eligibility for Team Members and Dependents Starting on the First Day of Employment
• 401(k) with a Match 
• Basic, Voluntary, and Dependent Life Insurance 
• Paid Time Off
• Paid Bank Holidays 
• Workplace Wellness Programs
• Employee Assistance Programs
• Tuition Reimbursement 

Summary of the Job:  Support IS department risk management process including risk assessments, analysis, and provide mitigation recommendations in a regulated environment. Assist in overseeing department governance, policies and procedures, monitor and respond to security incidents, as well as conduct security scans of company facilities to ensure adherence to policies and procedures.

Essential Functions:

• Maintain a positive and caring atmosphere for customers and employees consistent with Southside Bank’s mission and Core Values.
• Provide enthusiastic, professional, and courteous service to Southside Bank employees focused on information security awareness and training.
• Operate a comprehensive enterprise wide information security program.
• Recommend and implement changes as need to ensure confidentiality, integrity and availability of the enterprise network and systems.
• Serve as primary incident handler and report on IT security incidents providing initial assessment of impact severity and types of incidents being addressed. Perform triage on incidents and ensure an appropriate level of response and communication to management, I/T staff, and enterprise.
• Assist in the development of technical security standards to support policies, including creating, coordinating and monitoring standards and incident investigation procedures.
• Provide up-to-date documentation and procedures on security, system, and software product administration.
• Operate patch management to ensure efficient and timely mitigation of vulnerabilities.
• Assist in third-party risk management analysis, including review of provider’s system and organization controls.
• Perform user access reviews to ensure privileges are adequate.
• Perform periodic operating system and application security assessments of routine-to-moderate complexity and review for evidence of vulnerability or compromise; assist with the implementation of resolution.
• Maintain accurate KPI and KRI metrics that translate to proactive monitoring and risk reduction.
• Study and maintain current knowledge of security issues.
• Report issues to the department personnel responsible for the resource.
• Assist in resolving information security discrepancies at the physical, operational, and technical tiers.
• Adherence to strict change management practices and procedures.
• Understands and agrees to abide by the policies and procedures established at Southside Bank.
• Must comply with all applicable laws and regulations.
• Performs duties in compliance with applicable laws and regulations, including but not limited to the Bank Secrecy Act (BSA) and related anti-money laundering laws, and in accordance with the Bank’s Information Security Program.
• Maintains the security and confidentiality of pertinent information and records.
• Perform other duties as assigned.

Additional Functions:

• Participate in proactive team efforts to achieve departmental and company goals.
• Serve as a security model to others through example and sharing of knowledge/skill.
• Perform other duties as assigned.

Required Education/Experience:   

• Four (4) year college degree from an accredited college or university with classwork in Information Security, or equivalent education and experience.
• Two (2) years in information security or incident handling, preferably in IT risk management.
• Two (2) years user account administration, security object maintenance and access controls.
• One (1) year information security audit experience.
• One (1) year control implementation experience in COBIT framework FFIEC, SOX, and other regulatory bodies.
• One (1) fundamental security certification (Security , MTA, CSX, GISF)
• Obtain and maintain at least two security certifications within one (1) year of employment.
• Sound background in cybersecurity concepts, protocols, networking, hardware, and software.  
• Strong experience with Windows, Linux.  

Necessary Skills:  

• Strong logical ability, problem solving ability, good oral and written communication skills, thorough, takes initiative, professional appearance/demeanor, dependable, flexible with schedule, loyal, organized, and courteous.

Physical Activity/Dexterity:

• Manual dexterity sufficient to reach/handle items and work with fingers.  Works with fingers and perceives attributes of objects and materials.

Physical Environment Demands:

• Must be able to remain in a stationary position 90% of the time.
• The person in this position needs to occasionally move about inside the office to visit other offices, conference rooms, office machinery, etc.
• Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine, and telephone.
• Constantly positions self to operate on a computer.
• The person in this position frequently communicates with other people throughout each day.  Must be able to exchange accurate information when conversing.  

Working Conditions/Environment:

• Well-lighted, heated and/or air-conditioned indoor office setting with adequate ventilation.
• Moderate noise (e.g. business office with computers and printers, light traffic).

Work Schedule/Hours:

• Monday through Friday; 8:00 a.m. – 5:00 p.m.
• Available for extra hours as needed.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant.  However, employees who have access to the compensation information of other employees or applicants as part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)