Vacancy expired!
The Information Security Analyst plays key role in the Information Security program with responsibility for collecting and analyzing technical and qualitative security data to provide actionable recommendations to bank leadership to mitigate security risk. The Information Security Analyst is a subject-area specialist with specialized training, methods and analytic techniques to create recommendations and directions for cyber risk mitigation in a complex technical environment.The Information Security Analyst role requires extensive critical thinking and problem solving, often using specialized frameworks or techniques to generate meaningful insight out of complex and technical data. Focus areas of security assessment by the Information Security Analyst include external threats and trends, applications and infrastructure security, cloud security, third party security and overall security program effectiveness in mitigating risk. The Information Security Analyst's goal to create actionable information for IT and business leadership, and to provide objective assessment of cyber security risks for auditors, regulators and external parties. This requires routinely authoring detailed reports and gathering metrics ensure stakeholders receive accurate and complete information.The Info Security Administrator keeps abreast of external cyber security trends, technologies and cyber risk management approaches, and often works with other teams on cyber risk-related initiatives to provide subject-matter recommendations and guidance to achieve a posture within the bank's overall risk appetite.This position level works on complex cyber security analysis and risk assessments of substantial scope requiring expert-level knowledge, including defining and maintaining procedures and techniques for collection, data correlation, and reporting to security and IT leadership. Experienced specialist in subject area field of analysis or assessment, such as cyber threat intelligence, cyber risk assessment, or cyber-related data sciences. Risks analyzed are be of substantial complexity and importance, and include both technical and qualitative reporting and communication productsResponsibilities
Define analysis objectives, collect data from internal and external sources, and evaluate/analyze data to provide objective information on cyber risks for IT and business management with both summary and detailed reporting
Assess risk within subject specialty area to evaluate the design and effectiveness of security controls
Provide insight and guidance to IT software and hardware upgrades and other projects to ensure production environments meet and exceed minimum security standards and will effectively counter cyber threats
Partner with external partners, vendors, law enforcement, and intelligence community as applicable to fulfill reporting and information sharing requirements, and collecting information required for comprehensive risk analysis and assessment
Create new and maintain process and procedural documentation for various risk analysis and risk assessment activities; Highlight industry-based methodologies, techniques or standards (FAIR, NIST, FFIEC, etc.) used as the basis for analysis efforts
Publish routine, accurate risk analysis and assessment reports as defined by organizational risk policies and procedures to applicable audiences for each subject area discipline
Participate in other security support projects and duties as needed or requested
Basic Qualifications
Bachelor's degree in business, computer science or related field
Minimum of 7 years' experience in Information/Cyber Security field
Minimum of 10 year experience in cyber security operations, incident response, IT risk management or investigations
Skills and Knowledge
Masters' degree in business, computer science or related field preferred
Security certifications (CISSP, GSEC, etc.) are highly desired.
Demonstrated experience with Industry or subject specific analysis or assessment frameworks is highly desired (FAIR, NIST CSF, etc.)
Experience in banking/financial industry is strongly preferred
Formalized training in cyber security analysis or assessment techniques
Demonstrated experience analyzing complex cyber security data sets within subject area specialty
Demonstrated knowledge of cyber security landscape threats, trends, technologies
Demonstrated knowledge of financial regulation and control frameworks applicable to cyber security or IT risk
Excellent communication and interpersonal skills. Including a strong ability to create positive and professional business relationships with internal clients.
Strong commitment to working as a team and providing excellent customer service.
Exposure to banking or equivalent highly controlled technology environment is preferred
Represents basic qualifications for the position. To be considered for this position you must at least meet the basic qualifications.Equal Opportunity/Affirmative Action Employer, Minorities/Females/Individuals with Disabilities/VeteransNote : This preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.Note : Candidates should be advised that City National Bank does not pay interviewee travel expenses or relocation expenses for candidates who are hired unless previously agreed.Equal Opportunity Employer Minorities/Women/Protected Veterans/DisabledInformation Technology