American Savings Bank


Job Details

Information Security Risk Analyst

at American Savings Bank

Posted: 10/4/2019
Job Reference #: 5000521175106
Keywords: security

Job Description

Supports the company's information security program to ensure that information security standards, practices, & controls are in place to adequately mitigate risk to the bank. Enables proactive, comprehensive, and consistent technology and information-related risk management practices across the bank.

  • Provide support for security-related FFIEC and SOC 2 compliance controls, and audit systems, services, and processes to verify adherence to company security policies and procedures.

  • Assist with maintaining and reporting on the bank's security posture in ways that leverage and align to industry frameworks (e.g. NIST, CIS CSC, etc.).

  • Regularly analyze program/project status, risk management reports, and results from risk assessments and tests of controls.

  • Develop and maintain IT Security policies and procedures.

  • Maintain and enhance the IT Security Awareness initiative at the bank (bank-wide/departmental information security training, articles/posters, desktop exercises, etc.).

  • Maintain current knowledge of evolving information security risks, cyber security, new and evolving trends in mitigation tools, and changes to security regulations affecting financial institutions.


Education Requirements

Bachelor's Degree in Computer Science or a related technical field; or the equivalent combination of education, professional training, or work experience.

Minimum Experience Required

  • Two (2) years direct experience in developing information security programs and assessing effectiveness of such programs, preferably within a financial services organization.

  • Two (2) years working knowledge of security frameworks and general areas of Information Security.

Required Skills or Training

  • Demonstrate understanding of a broad range of Security Frameworks and standards such as PCI, NIST, ISO 2700 series, etc. Knowledge of the SOX, Federal Financial Institutions Examination Council (FFIEC) and section 501(b) of the Gramm-Leach-Bliley Act is a plus.

  • Knowledge of networking, operating systems, platforms, client/server, web applications, and general information security technologies is a plus.

  • Demonstrates strong interpersonal, verbal, and writing skills to effectively communicate to a diverse audience.

  • Demonstrates in-depth analytical skills, including the ability to consolidate broad data sets from multiple sources, both internal and external, to identify patterns and/or risk factors.

  • Able to build and maintain relationships across diverse technical and non-technical teams.

  • Must be self-motivated with a strong willingness to learn in a hands-on learning environment. Critical thinker with the ability to research, develop and communicate IT risks and controls.

Professional Certifications, Licenses, and/or Registration Requirements

Must hold one or more of the following information security certifications (or must be obtained within 12 months of hire): (ISC)2 CISSP or CCSP; ISACA CISA, CISM, or CRISC; CompTIA Security+.