Company: First Commonwealth Bank
Location: Indiana, PA
Career Level: Associate
Industries: Banking, Insurance, Financial Services

Description

Responsibilities include administration of systems utilized for collection/correlation of application and server logs as well as systems used for change management. Assists with the development of Information Security policies and frameworks in accordance with compliance requirements, FFIEC Cybersecurity Standards (as defined in the CAT), ISO 27001, NIST 800-37, and other best practices. Identifies and evaluates new security-related technologies and provides recommendations to management. Investigates and documents potential cybersecurity incidents. Other responsibilities include development and training of support staff, enforcement of corporate policies and procedures, and development of procedures as needed. Participates on project teams as assigned and serves as project manager/lead within IT security projects.

Works closely with other departments to implement and maintain security controls and technologies. As a member of the Information Security Risk Committee will meet regularly with other departments to discuss the current risk landscape, changes to security controls, and the security posture of the corporation. Works regularly with auditors and regulators to communicate established security controls and processes and provide evidence that controls are in place and executing.

Coordinates testing of security controls and remediation of identified weaknesses. Performs information security assessments associated with third party due diligence processes.

Strong understanding of network architectures, network security devices such as firewalls, application security controls, Microsoft Azure, DLP solutions, SIEM technologies, and MS Defender security products required. Understanding of cybersecurity risks and threats required. Excellent oral and written communications skills required. Minimum of 10 years' experience in Information Security required. Previous management experience a plus. Project management experience a plus. Candidate must have the ability to operate effectively in crisis or emergency situations and demonstrate strong problem-solving skills. Degree or certifications in Information Security related studies preferred (CISSP, CEH, GIAC, CompTIA Security+, etc.).

Position may require non-traditional working hours to support projects. Provides 7x24 on call support as necessary.

 

Essential Job Responsibilities

1. Responsible for administration of systems utilized for collection/correlation of application and server logs as well as systems used to monitor change on internal devices.

2. Review of firewall, IDS, & VPN logs, analysis of Windows audit and security logs, and examination of security logs relating to business-critical applications.

3. Perform backup management responsibilities as assigned.

4. Act as a mentor for Information Security staff

5. Participate on project teams as assigned including the development and management of project components and project management for higher risk, complex projects.

6. Performs regular reviews and supports enforcement of corporate security policies

7. Develops and maintains Information Security controls, processes, and technologies

8. Coordinates testing of security controls and remediation tasks

9. Develops and supports cybersecurity incident response plans

10. Works closely with other departments to implement and maintain security controls

11. Develops metrics for establishing baselines that demonstrate the effectiveness of Information Security controls

12. Identifies gaps in corporate security architecture through security assessments and provides cost-effective recommendations to address open risks

13. Identifies emerging threats and risks, provides recommendations to mitigate

14. Promotes cyber security awareness throughout the corporation

15. Manages information security related projects

16. Provide 7x24 support as needed.

Expectations

1. Adheres to the Organization's Core Values of Customer-Focused, Integrity, Excellence, Accountability and Inclusion.

2. Complies with regulations and laws relating to the function of the position. Abides by current organizational policies and procedures designed and implemented to promote an environment which is free of harassment and other forms of illegal discriminatory behavior in the workplace. Cooperates with, participates in, and supports the company's compliance with all regulatory requirements, e.g. Community Reinvestment Act (CRA), Equal Credit Opportunity Act, etc.

3. Responds to inquiries relating to his/her particular area, or to the requests from customers, other bank personnel, etc., within given time frames and within established policy.

4. Conducts all business affairs, both personally and as a representative of the organization according to the high ethical and professional standards established by FCFC and the banking affiliate Board of Directors, and according to the approved Conflict of Interest/Business Ethics Policy.

5. Responsible for adherence to all internal policies, procedures, and practices in support of risk management, information security and overall safety and soundness.

6. Assumes responsibility for assisting in his/her professional development; adheres to the guidelines and targets established within his/her Personal Scorecard.

7. Coordinates specific work tasks with other personnel within the unit or department as well as with other units and departments in order to ensure the smooth and efficient flow of information.

8. Complies with established budgets and operates within budgetary constraints.

9. Other job-related duties as assigned or directed.

Bona Fide Occupational Qualifications

1. Strong understanding of network architectures, network security devices such as firewalls, application security controls, Windows operating systems, DLP solutions, SIEM technologies, and Active Directory required.

2. Understanding of cybersecurity risks and threats required

3. Excellent oral and written communications skills required

4. Minimum of 10 years' experience in IT required

5. Previous management experience preferred

6. Project management experience a plus

7. Degree or certifications in Information Security related studies required (CISSP, CEH, GIAC, CompTIA Security+, etc.)

 



Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)

