Job Details

Job Type

Full-time

Description

The Information Security Analyst is part of Poppy Bank's Information Security Team who proactively administer & maintain our cybersecurity risk posture. The incumbent will be experienced in information security and work under minimal supervision from the Information Security Officer. This position will be a liaison and collaborator with business units and work closely with the Information Technology team, various departments, and a variety of vendors that supply the bank's layered information security architecture. The incumbent is responsible for ongoing and continual administration, monitoring and reporting of information security events and the platforms that generate those events. Platforms include security awareness, breach & attack simulation, identity & access management, secrets management, vulnerability & patch management, end-point protection, and data-protection among others. The incumbent will work closely with a Managed Security Provider as some of the security platforms are outsourced to an MSP. The Information Security Analyst assists the ISO in responding to and mitigating threats across the organization.

The incumbent will work closely with the Information Security Officer in identifying analyzing and responding to emerging threats to the environment adjusting the security configurations accordingly. The Information Security team frequently collaborates across the organization in securely deploying new technologies and processes that support the business while protecting the Bank and its customers. The incumbent may serve as a liaison with the Bank's Compliance and Audit teams, ensuring close tracking of various audit and exam Where division of duties permit, the incumbent will assist the Information Technology team in various projects and tasks. This position requires that the individual work in office, independently, and with minimal supervision.

Ensures compliance within all Bank policies and procedures, as well as all applicable state and federal banking regulations.

Essential Duties and Responsibilities include the following:

• Configure, manage, monitor and report on multiple cyber security platforms and controls such as enterprise security awareness, breach & attack simulation, asset management, identity & access management, email security, and infrastructure & end-point security.
• Monitor and respond to alerts from various information security platforms
• Assists with implementation of policies or procedures and remediates compliance issues throughout the organization
• Work closely with internal IT, vendors, and third-party MSPs to identify and remediate vulnerabilities, manage risk and optimize security.
• respond to audits and exams and track remediation efforts to conclusion
• Diagnose and research causes of security issues (e.g., misconfigured DNS records, exposed insecure protocols, use of known vulnerable software, weak ciphers)
• Collaborate with IT to ensure secure deployment of new & existing capabilities and product deployments comply with security policies and standards
• Monitor and report on emerging cybersecurity threats and trends and provide recommendations to internal teams on how to mitigate risks.
• Respond to security incidents and/or policy violations
• Track, and report on the security risk register, Key Performance Indicators (KPI)/Key Risk Indicators (KRI) and MSP service tickets to the Information Security Officer and update the department at weekly Team meetings
• Implement proactive preventative measures
• Perform scheduled software/hardware system checks & upgrades (may involve occasional after-hours work)
• Research, install, configure, maintain, and monitor cyber security platforms
• Maintain strong knowledge of the threat landscape and mitigation strategies
• Document internal processes and procedures related to duties and responsibilities
• Minimum of 10 hours CRA volunteer hours per year. Volunteer hours are typically scheduled within business hours. This is compensable time and mileage is reimbursed
• Other duties as assigned

Supervisory Responsibilities: None

Qualifications:

• A minimum of 4 years of experience as an Information Security Analyst or similar role.
• A BA/BS degree in Computer Science or related discipline; or an equivalent combination of experience and education.
• Security certification(s) such as security+, CEH or similar is preferred
• Experience in the highly regulated banking industry is preferred.
• Experience in securing Saas environments is preferred.
• Proficient understanding of IT concepts and principles, including strong knowledge of networking, server management, firewall, SD-WAN, and virtualization technologies.
• Familiarity with security frameworks and standards (e.g., NIST Cybersecurity Framework (CSF), NIST 800-53, CIS Security Controls, MITRE ATT&CK)
• Understanding of the following technologies: PC's, laptops, printers, mobile devices such as Apple iPad, and other peripherals, networking, Active Directory, Exchange, Windows, Microsoft Office, anti-virus / anti-malware software.
• Working knowledge of Windows 10, Server 2016, Server 2019, Office 2019, M365
• Ability to prioritize and manage multiple tasks to meet deadlines
• Ability to interact with a wide range of internal staff members and external professionals, including consultants, vendors, auditors, technical staff, and others
• Intermediate level experience with creating technical documentation.
• Experience of working in a fast-paced, team-oriented environment, with the ability to positively contribute to cross-functional teams
• Intermediate level knowledge of networking/security solutions including firewalls, IPS, SIEM, LAN/WAN, wireless, VPN, VLANs preferred
• The ability to learn quickly and adapt to changing requirements

Physical/Mental Demands & Work Environment:

The incumbent in the course of performing this position frequently spends time writing, typing, speaking, listening, operating basic business equipment, seeing (such as close, color and peripheral vision, depth perception and adjusted focus), sitting, walking, standing, reading documents or instruments, detailed work, problem solving, client contact, reasoning, math, language, presentations, verbal and written communication, analytical reasoning, stress, multiple concurrent tasks, and constant interruptions. The incumbent for this position will occasionally lift up to 15 pounds, pull, squat, kneel and reach. The incumbent is in a non-confined office-type setting in which he or she is free to move about at will. The work environment is typically quiet to a moderate noise level.

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Management reserves the right to change this position description at any time.

Requirements

See qualifications above.

Poppy Bank provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

For San Francisco Postings, review Fair Chance Ordinance .

CA Privacy Notice to Applicants/Employees

Salary Description

$72,205-$117,307 DOE