This incumbent will provide Security Services and Cyber Defense functions as required to fulfill the Bank's information security program requirements. This incumbent will provide support to Security Architecture, Security Engineering, Security Operations, Identity & Access Management, Threat Management, Vulnerability Management and Penetration Testing functions.
Job Responsibilities include but not limited to:
Security Architecture, Security Engineering & Security Operations
- Provide Security Standards and requirements for all in-house and Third-Party applications being built or procured by the Bank
- Provide support and expertise to IT to find security solutions that meet requirement
- Manage assigned security monitoring tools for daily security monitoring which includes but not limited to: network devices, platforms, databases, applications
- Design, configure and enhance assigned security tools for effective security event monitoring and escalate accordingly
- Conduct assigned security tools rule and configuration validation and monitored devices recertification
- Identify and escalate security issues and assist in cybersecurity incident investigations
- Perform regular maintenance of assigned security tools including software upgrades, license updates and fine tuning of rules and configuration
Threat Management, Vulnerability Management & Penetration Testing
- Conduct threat assessment and modeling as required
- Conduct vulnerability scans of internal and external network
- Present results to IT and partner to perform analysis, set criticality levels and assign timelines for remediation
- Provide oversight of IT remediation, track and report all findings to the Information Security Committee
- Coordinate penetration testing exercises in collaboration with IT
- Present results to IT and partner to perform analysis, set criticality levels and assign timelines for remediation
- Provide oversight of IT remediation, track and report all findings to the Information Security Committee
Identity & Access Management
Conduct User Recertification & Access Reviews throughout all BOC applications on a periodic basis
Job Requirements
- Bachelor s degree in Business, Computer Science, Management Information Systems, Engineering, Mathematics, or related field is required
- Minimum 1 years of work experience in Information security, cybersecurity, vulnerability management, security architecture, network, security tools and computer systems administration
- Minimum 1 years of experience in risk management
- Good understanding of regulatory requirements including FFIEC, GLBA, NIST
- Knowledge of Information security and cyber security best practices
- Knowledge of systems administration such as Windows Server, Active Directory management, Firewall, UNIX system, network architectures, etc.
- Knowledge of security tools such as SIEM, DLP, XDR, EDR, Web Filter etc.
- CISSP/CRISC/ or IT related certifications preferred
The salary range for the Associate position is $42,000 - $90, 0000 per year. Actual salary is commensurate with candidate s relevant years of experience, skillset, education and other qualifications.