Information Security Analyst
Ref No.: 18-01130
Location: New York, New York
Bachelor's degree required. Professional experience considered in lieu of education.

Strongly preferred:
CISSP certification, or other security certification.

Preferably within a financial services environment, knowledge and experience with documenting and formalizing the security risks and controls surrounding enterprise data centers, network technologies, virtualization, unified communication, and mobility. Knowledge of enterprise control structure architecture and aligning security architecture controls, processes, and tools within that enterprise framework. Ability to perform managerial tasks like meeting coordination and project oversight. Strong communication skills to support the development of deliverables to the Board of Directors and for all levels of Bank management and staff. Preference for keen knowledge of security controls within a hybrid environment between AWS and traditional networks.

Repeated experience in security policy development or broad security operations management, and in developing and managing a security governance program. Security policy and architectural project management or security auditing background may be considered. Repeated experience in successful security incident monitoring and breach response management.

Oversee the efforts of information security professionals in all aspects of information security and physical security for the Bank. This covers policy, strategy, administration, governance, monitoring, compliance, guidelines, and standards. Develop and maintain a comprehensive enterprise-wide Information Security Program for the Bank. Proactively promote the enhancement of information protection through the identification of risk themes by working collaboratively with all areas of the Bank.

Essential Duties:
  1. Provide security perspective on Bank projects during Project Gate Reviews when required and upon request. Be able to draft the ISO assessment of the project with assistance.
  2. Ensure information is protected across the Bank and that effective information security programs, strategies, practices, processes and systems are in place and functioning as required.
  3. Maintain access to independently verify and observe operational performance in a broad oversight perspective for information security, physical security, and all matters of cyber risk across the Bank and to carry out any special investigative requirements.
  4. Help manage the independent security review process: vendor selection, fieldwork, and assist with the drafting of reports suitable to the Head of Enterprise Services, senior management, and the Board of Directors.
  5. Maintain appropriate professional associations and certifications for the purpose of keeping abreast of security trends, issues, solutions, events, emerging threats, and having a perspective on the relevant industry advances.
  6. With guidance, develop training, awareness campaigns, specific scenario modules, documents, white papers, and other artifacts that help:
    1. Raise awareness among all employees regarding their role in securing information in all forms.
    2. Articulate the choices of the Bank relative to information protection.
    3. Document what is secured and how we protect it.
    4. Advise and alert all Bank employees on information security matters.
    5. Present current security topics in perspective for the Bank audience.
  7. Help define the Bank's information security program, policy, and standards. As assigned, guide operational areas across the Bank on procedures, guidelines, and instructions to support the Bank's policy and standards.
  8. Serve on Bank committees, teams, and efforts as assigned.
  9. Assist in the security incident response management process at the Bank: help manage the oversight of incident response, and the control of information events.
  10. As assigned, independently prepare reports capable of being delivered to the Board of Directors, CEO and senior management on information security, information protection, and information risk matters.
    1. As assigned, guide business unit managers and staff to ensure that their performance is within current exposure tolerances.
    2. As assigned, guide IT operational security unit managers and staff to ensure that their performance is within current exposure tolerances.
  11. Guide the planning of information security projects and annual budget.
    1. Monitor the security operations functions of the Bank. This is to be done with the goal of identifying themes in the events observed, ensuring the escalation of incidents, and answering questions that arise through oversight of how the Bank's security efforts are functioning.
    2. With assistance, review vended security offerings, recommend solutions, and review contracts.
  12. Gather the data to support the proper reporting of security measures and metrics. With guidance, draft reports that highlight these metrics.
  13. Assist with audits and examinations regarding information security and controls.
  14. Perform special tasks as assigned by the Director of, or a manager in, the Information Security Office.