Information Security analyst

Information Security Analyst Introduction:

The Information Security Analyst will be responsible for designing, developing, and implementing information security programs, policies, and standards for the Bank. They will work under ISO''s supervision to define and implement information security roadmap and strategy. The analyst will also conduct cyber security assessment and control validation reviews, monitor non-compliance issues, and provide training and awareness to end users on cyber security topics.

Responsibilities:

Design, develop and implement information security program, policy, and standards for the Bank. Work under ISO''s supervision to define and implement information security roadmap and strategy. Design, develop, and implement cyber security assessment and control validation reviews. Monitor and track all non-compliance issues and gaps to information security policy and standards. Review and maintain access control processes such as access re-certification, revocation, etc. Provide training and awareness to end users on cyber security related topics. Provide periodic reporting to ISO and management on information security issues and gaps. Interface with internal, external, and third party contacts. Partner with risk management and internal audit on enterprise-level issues and provide cyber-SME services. Perform all functions as assigned by ISO. Provide high-quality work by ensuring accuracy and seeking to continuously improve Information Security processes.

Requirements:

Bachelor''s degree or equivalent. At least two years of hands-on experience in cyber governance & cyber risk management related work or internship. Good knowledge of

NIST 800-53, ISO 27001, CIS

critical controls, FFIEC handbook. Ability to perform cyber risk assessments in perimeter, network, host, and application level. Working knowledge with GRC tools and risk acceptance, policy exception, and issue tracking process. Good understanding and knowledge of IP Network, Microsoft Windows, Linux, UNIX, Database security. Working knowledge of Access control (IAM) processes and tools. Able to develop & maintain cyber security policies and standards in accordance with regulatory requirements. Able to provide end-user security awareness training and phishing exercises. Security+ certification would be a plus. Able to demonstrate clear communication, excellent writing, and presentation skills.