Security Analyst

Description

POSITION SUMMARY:

The Security Analyst is instrumental in strengthening the security posture of our infrastructure and applications by working closely with the Systems and Network teams to assess risks, vulnerabilities, and drive remediation efforts across the enterprise environment. Advises the Systems and Network teams on cyber security matters based on the company's risk tolerance, information security strategy, and as directed by either the Systems Engineer or Network and Security Engineer. 

OBJECTIVES OF THIS ROLE:

The Security Analyst assess risks, vulnerabilities, and drives remediation efforts across the enterprise environment. This role advises the Systems and Network teams on cyber security matters based on the company's risk tolerance, information security strategy .

RESPONSIBILITIES:

ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties may be assigned.

• Review system security reports on a daily, monthly and yearly basis.
• Drive cyber security specific strategic initiatives through assigned LOB areas. 
• Ensure LOB awareness of and compliance with IT/Security related policies and standards.
• Assist with ensuring adherence to information security policies, standards and procedures.
• Analyze security scan results, prioritize findings and provide clear guidance to technical teams for remediation.
• Advise on alternatives, such as compensating controls, to resolve issues and exceptions.
• Assist Systems/Network teams in identifying and remediating vulnerabilities in on-prem and cloud environments.
• Drive information protection strategy and initiatives through assigned LOB areas.
• Assist in security design and implementation of applications and equipment.
• Help identify and remediate business processes that are triggering data loss prevention 'DLP' monitoring tools. Develop and manage DLP parameters specific to LOB areas.
• Assist with internal and external audits.

SUPERVISORY RESPONSIBILITIES

This role has no supervisory responsibilities.

Requirements

QUALIFICATIONS:

EDUCATION and/or EXPERIENCE

• Bachelor's Degree or equivalent experience 
• 3+ years minimum experience cybersecurity, vulnerability management, pen testing or a related IT security role.
• Banking experience preferred
• Relevant certifications such as CEH (Certified Ethical Hacker), Security+, CISSP, Azure Security Engineer

ADDITIONAL REQUIREMENTS:

KNOWLEDGE AND SKILLS

• Strong understanding of audit/risk management methodologies and regulatory requirements pertaining to information security, privacy and/or data security
• Basic understanding of industry standards (FFIEC, ISO, NIST, COBIT, COSO, ITIL) 
• Ability to manage multiple complex priorities and competing agendas without express authority over delivery teams. 
• Ability to interpret and apply policies and regulations.
• Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker 
• High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions.
• Strong written and oral communication skills. Must be able to effectively communicate with Operations staff, bank clients, auditors, and outside vendors.
• Collaboration – Ability to work across departments as needed.
• Strong attention to detail
• Excellent organizational and time management skills
• Capable of handling customer and teammate contact situations tactfully and professionally.
• Ability to think critically and interpret a variety of instructions.
• Mathematical abilities to ensure calculations are done correctly.

PHYSICAL DEMANDS

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

WORK ENVIRONMENT

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

COMPLIANCE:

• As generally applicable to F&M Bank and commensurate with these job functions, this job role includes accountabilities for following Bank policies and related procedures, as well as regulatory requirements involving federal and state laws, regulations, and related guidance.
• Compliance with Bank Secrecy Act (BSA), including accurate completion of Currency Transaction Reports (CTR) when applicable, Anti-Money Laundering Act (AML), Office of Foreign Asset Control (OFAC) and the USA PATRIOT Act. Adhere to Customer Identification, Customer Due Diligence and reporting of suspicious activities to the BSA Department.

DIVERSITY STATEMENT: EXEMPT/SALARIED COMPETENCIES:

• Job Knowledge: Understands duties and responsibilities, possesses necessary job knowledge and technical skills, maintains job knowledge current.
• Productivity: Manages a fair workload, volunteers for additional work, prioritizes tasks, develops good work procedures, manages time well, and handles information flow.
• Quality: Is attentive to detail and accuracy, is committed to excellence, looks for improvements continuously, monitors quality levels, finds root cause of quality problems, owns/acts on quality problems.
• Self-Development: Seeks out and accepts feedback, is a proactive learner, takes on tough assignments to improve skills, keeps knowledge and skills up to date, turns mistakes into learning opportunities.
• Adaptability: Ability to plan and organize work in new or changing situations, to apply self in emergencies and to respond to new procedures.