Job Description :
Information Security Analyst - II

Education: Bachelor's Degree or 4 years equivalent experience; Bachelor's Degree preferred. Experience: Two to five years. Functional Knowledge Preferences Knowledge Areas: · Info Security Frameworks · Network Design & Architecture · Product Testing & Evaluation · Technical Writing Technical Skills: · Microsoft Command Line Tools ·Microsoft Scripting Platforms · Vulnerability Management Tools · SIEM Tool Experience Certifications/ Licenses: ·GCWN/GCUX/GSEC/ GISF CISA/CAP/ SSCP · GCIH / GCIA / GPEN · Security+ Individual Competencies ·Demonstrates Self-Awareness · Problem Solving · Action-Oriented · Collaborates · Communicates Effectively

Responsibilities:

Position Summary: Under limited supervision, contributes to a comprehensive information security strategy. Serves as the primary point of contact on matters of information security incident response, threat management, policy, risk assessment, and compliance. Represents the Information Security Department in client interactions and recognizes opportunities to improve the user experience, including problem resolution. Partners with business clients to assess risk and recommend solutions to facilitate secure business. Proactively identifies process improvements and remains abreast of advancements that address emerging business and environmental factors impacting assurance levels. Generally operates in one or more areas including threat management, incident response or compliance. Key Responsibilities: · Serves as a primary customer support representative for the Information Security Department. Provides client access support and recognizes opportunities to optimize the use of technology to improve the customer experience. Resolves customer access issues and addresses system/service access requests. Offers guidance and recommendations to business lines and IT team on security requirements and best practices. Communicates security threats, policies, standards and guidelines in clear terms to non-technical personnel. · Reviews security policies and procedures and recommends methods to comply with security requirements. Monitors and analyzes open source and internal data sources to identify trending security issues and alert management to developments, changes and shifts in risk. Contributes to risk assessments and reviews complex, technical documents, diagrams and plans to identify security requirements and recommend controls. · Performs security incident operations, including after-hours response activities, event escalation coverage, and incident reporting. Contributes to and participates in security incident plan exercises. Identifies, investigates and escalates information security incidents on the district network. · Contributes to a comprehensive, business aligned threat and vulnerability management program. Conducts threat modeling and analysis activities of business processes and current/potential IT solutions. Develops recommendations for business partners to remediate vulnerabilities, institute compensating controls or request risk acceptance decisions. Tracks metrics and measures to substantiate efficacy of the program. Provides feedback to intelligence gathering organizations. ·Works with information system owners to categorize systems; select, implement and assess controls; and frame, assess, respond and monitor risk to the business. Conducts risk and vulnerability assessments and prepares assessment reports following standard practices. Maintains risk and vulnerability management records. · Advises information security colleagues and business clients on information security requirements, compliance responsibilities and methods to protect Bank resources and sensitive information. Designs and implements security processes, procedures and tools to meet the Bank's compliance requirements as defined in approved security frameworks.