Senior Information Security Analyst – System Integrations - Remote
Full Time
Elk Grove Village, IL 60007
Posted
Job description
Job Description:
Remote work allowed.
DUTIES & RESPONSIBILITES
First American Bank was founded in Chicago, and over the years has expanded throughout Wisconsin and Florida. As the largest privately held bank in Illinois, we now have over 60 locations and assets of $5+ billion. We are a community bank at heart with international expertise, traditional values, and a forward-looking philosophy. Our employees have the experience and vision to meet the needs of savers, borrowers, and businesses in the 21st century. First American Bank can offer employees a level of visibility, career growth, and stability that is difficult to find in many larger corporations.
The Senior Information Security Analyst – System Integrations oversees security integrations to ensure sensitive data is kept confidential and the Bank has the proper system and processes to protect and prevent threats from being carried out. This individual must be fully aware of the enterprise’s security goals as established by the regulatory landscape, company policies, procedures, and guidelines and partner cross-functionally towards achieving and optimizing those objectives. In addition, this individual is expected to have outstanding problem-solving skills, meticulous attention to detail, and a sound understanding of cybersecurity and the financial sector requirements.
Remote work allowed.
DUTIES & RESPONSIBILITES
- Lead First American Bank’s security integration program across all of the Bank’s systems and processes, serving as the primary point of security integration activities, including but not limited to, analyzing, quantifying, validating, testing, and tracking identified information security compliance and risks as well as reviewing, documenting, and tracking risk exception requests and facilitating risk management discussions with key stakeholders.
- Ensure all projects and system development follow the necessary corporate security policies and procedures defined, developed, implemented, and maintained for a seamless workflow.
- Partner with key stakeholders in the Business Units, Technology, Compliance, Internal Audit, Legal, and Third Parties to review and provide security guidance on current and new processes, maintain evidence and artifacts for internal and external audits.
- Identify and analyze new and emerging requirements for policy impacts; develop and update policies, procedures, standards, and guidelines.
- Manage and track cybersecurity audit engagements and due diligence activities. Utilize working knowledge of information security best practices to ensure sufficient IT controls are in place to meet our external audit and client requirements.
- Help to build and manage technical standards for secure development across the organization.
- Develop internal libraries to build systematic protections for classes of vulnerabilities and to shield developers from dangerous code or unsafe defaults in third-party libraries.
- Manage third-party code reviews for high-exposure projects.
- Plan, study, and then design a resistant security architecture for various IT projects.
- Develop prerequisites for networks, firewalls, routers, and other network devices.
- Perform vulnerability assessment, security testing, canning, and risk analysis.
- Research and implement updated security standards, systems, and best practices.
- Maintain and document a comprehensive understanding of the company’s technology and information systems.
- Plan, investigate, and build reliable, powerful, and flexible security solutions and architectures for the Bank’s cross functional deliverables.
- Develop and maintain standards for all IT assets, such as routers, firewalls, LANs, WANs, VPNs, and other network devices to determine their efficacy and efficiency.
- Ensure firewalls, VPNs, routers, servers, and IDS scanning technologies are reviewed and approved before installation.
- Prepare the cost estimates and other potential integration concerns for all cybersecurity measures.
- Oversee application compliance cross functionally to ensure risks to the organization are identified and processed in accordance with the Information Security Risk Management Program.
- Evaluate and recommend improvements to the company’s information systems control environment, risk management, and Information Security audit processes to reduce duplicate audit requests in addition to minimizing Process Owner dependency to obtain control evidence.
- Facilitate the ongoing management of Information Security Policies, Standards, Guidelines, and Procedures to coordinate awareness cross functionally.
- Analyze and measure compliance objectives and foster initiatives with established Information Security policies and procedures by examining IT records, reports, operating practices, and documentation.
- Create and maintain dynamic dashboards and/or scorecard for visibility of Information Security Governance activities.
- Provide security recommendations to other team members, management, and business stakeholders for solutions, enhancements to existing systems, and new security tools to help mitigate security vulnerabilities and automate repeatable tasks.
- Maintain up-to-date detailed knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.
- Assess system configurations of company solutions per the established baselines for those security systems solutions partially or wholly operated by the InfoSec team.
- Identify security requirements based upon need or as the result of a security issue that puts organizations’ systems at risk.
- Conduct and complete additional assignments/projects as designated by management.
QUALIFICATIONS
- High school diploma or equivalent required. A degree in Information Technology/Computer Information Systems or related field preferred.
- SANS, IA, GIAC, SSL, DHCP, DNS, SSCP, CISSP, CISA, CISM, CEH, Security+ and / or similar certifications is a plus.
- Eight years of experience in proactively identifying potential Information Security controls risks, issues, and opportunities through analytical thinking and offering sustainable recommendations that address root cause rather than symptoms.
- Strong understanding of security and control frameworks, such as FFIEC, NIST, COBIT, ITIL, ISO, SANS control framework. Framework, 800-53, NIST CSF. CIS Top 20, FFIEC Cybersecurity Assessment tool), GLBA preferred.
- Experience working in a highly regulated industry (financial services or health care) desired. Familiarity with software development process and practice and banking technologies and applications a plus.
- Experience designing security architectures that enable the organizations security objectives.
- Expertise in security measures such as firewalls, intrusion detection, and prevention systems (IDS/IPS), network access controls, and network segmentation.
- Ability to conduct security risk assessments across a variety of platforms and architectures.
- Ability to conduct vulnerability assessments, scanning and testing to ensure risks are identified prior to systems migrating to production.
- Experienced with operating systems like Windows, Linux, and UNIX.
- Network security architecture and its development are both important to understand.
- Wireless security, such as routers, switches, and VLAN security, is something that everyone should be aware of.
- DNS security principles such as routing, authentication, VPN, proxy services, and DDOS mitigation technology are all covered.
- An understanding of NIST 800-53. NIST CSF, ISO 27001/27002, COBIT, and ITIL frameworks are required.
- Third-party and cloud risk assessment methodologies.Ability to script and automate repetitious tasks.
- Experience with identity management platforms and protocols like SAML and OAuth to REST.
- Security subject matter knowledge and experience in anti-virus, anti-SPAM, intrusion detection, encryption, and general security policy.
- High level of personal integrity, and the ability to professionally handle confidential matters while exuding appropriate level of judgment and maturity.
- Excellent communication and organizational leadership abilities.
- Ability to blend exceptional attention to detail with an ability to retain strategic direction within a rapidly evolving entrepreneurial business culture. Ability to conduct research into security issues and products as required.
- Strong team player yet self-motivated and able to make progress independently.
- Highly organized with proven analytical and problem-solving abilities with ability to effectively prioritize and execute tasks in a high-pressure environment.
- Must be professional, comfortable speaking with external and internal contacts with a demonstrated ability to effectively tailor the message appropriately to the audience and situation.
- Demonstrated ability to convey thoughts and ideas effectively and succinctly via written formats, including emails, letters, and electronic platforms. Maintain professional standards relating to spelling and grammar.
- Maintain good working relationships with internal partners by exhibiting exemplary interpersonal skills, adopting a constructive, solutions-focused approach.
- Use sound professional judgment to balance the interests of the organization and customer, understanding and using available resources to mitigate risks.
- High proficiency with Microsoft 365 products and applications, including the ability to effectively prepare or review documents, procedures, and reports.
- Experience with administration and architecture for one or more infrastructure technologies (networking, Windows OS, Linux OS, Active Directory, PKI, etc.) required.
- Working technical knowledge of several of the infrastructure technologies preferred (such as Active Directory, Server 2016 & 2019, Azure, 0365, and various AV products, Vulnerability Management).
- In-depth technical knowledge of and experience with one or more common security products and toolset (firewalls; intrusion prevention systems; web-security content management; authentication services; SEIM; etc. required).
- Working technical knowledge of wider a cross-section of the common security products and toolsets.
- Demonstrated ability to learn new systems and applications, as well as the ability to understand, adapt and adjust responsibilities/workflows because of system upgrades.
- Occasional travel to other First American Bank locations, Bank functions and training facilities may be required.
- This position is remote but does require occasional travel to various locations throughout the Bank's market.
- Typical hours are Monday through Friday 8:00 a.m. to 5:00 p.m. Additional hours may be required depending upon business need.
- Punctuality is required to maintain First American Bank’s customer service standards.
gatheringourvoice.org is the go-to platform for job seekers looking for the best job postings from around the web. With a focus on quality, the platform guarantees that all job postings are from reliable sources and are up-to-date. It also offers a variety of tools to help users find the perfect job for them, such as searching by location and filtering by industry. Furthermore, gatheringourvoice.org provides helpful resources like resume tips and career advice to give job seekers an edge in their search. With its commitment to quality and user-friendliness, gatheringourvoice.org is the ideal place to find your next job.