The Information Security Analyst is responsible for providing technical expertise to assist the Information Security Officer in monitoring, evaluating, and maintaining the Bank’s Information Security Program, Policies and Standards to ensure that adequate security controls are in place to protect the confidentiality, integrity, and availability of information systems.
This position will primarily be a remote working role with the ability to come into the office as needed (Berwyn, PA, Chestnut Hill, PA, Bryn Mawr, PA or Wayne, PA).
- Provide appropriate guidance to the first line of defense, ensuring risks are understood and managed to minimize the likelihood of cyber exploits, failed critical service provider support, and lengthy business disruptions that put the Bank’s customers and franchise value at risk.
- Assist the Information Security Officer in leading the monthly Information Security Program update meeting by working in conjunction with IT to monitor system security reports and provide management with relevant detail to protect and ensure the safety of the Bank’s information assets.
Policy and Program Management
- Partner with First Line of Defense to ensure proper implementation of critical controls, ensuring practices and processes adhere to policy requirements and effectively mitigate enterprise risk.
- Effectively perform monitoring and testing procedures to evaluate First Line of Defense compliance with established policies and programs.
Information Security Program
- Direct First Line of Defense personnel to perform Information Security / Cyber Security controls and review and challenge results where applicable to conclude on the operating effectiveness to support Internal and External audit requirements.
- Perform Information Security / Cyber Security controls, such as the monitoring of administrative access logs, on a defined basis and track the results using the BMT content management system to support Internal and External audit requirements.
- Perform regular social engineering tests, such as Phishing, Vishing, and Physical Security, and present results to Senior Management and create necessary action plans to manage risk within the enterprise’s acceptable risk appetite.
- Communicate observations and issues to senior and executive management, and assist in the creation of monitoring and testing results which are presented to regulators and the board of directors.
- Work in conjunction with IT to design and develop systems that monitor system security, such as creating threat mailboxes, and provide management with timely reports to protect and ensure the safety of the Bank’s information assets.
- Actively monitor email and voicemail to ensure reported Cybersecurity threats are acknowledged in a timely manner and escalated to Senior Management as needed.
- Minimum of three years of experience in information security, information technology, or related field
- Working knowledge of, and experience in the policy and regulatory environment of information security
- Excellent project management, written and oral communications skills with multiple levels of employees and management, up to the Executive level
- Demonstrated proficiency with computer programs and applications
- Ability to multi-task and run multiple projects concurrently while meeting deadlines; must be calm under pressure and competing priorities
- Experience in a team environment – must work well with a variety of backgrounds and experience levels, internal associates and external vendors, regulators and law enforcement.