Only Candidates with US Work Authorization will be considered.
Position Summary:
The Junior Information Security Compliance Analyst will work closely with the Senior Information Security Compliance Analyst to ensure that information security policies, procedures, and practices comply with all relevant laws, regulations, and standards. The incumbent will assist in the development and maintenance of a comprehensive information security compliance program.
The Junior Information Security Compliance Analyst is part of the Risk Management Department, which is responsible for managing the Bank’s Information Security strategy.
Qualifications:
- A bachelor’s degree in Information Technology, Computer Science, Information Security, or equivalent is required.
- Two (2) years of Information Security experience or experience in a similar position within the Banking Industry preferred.
- Consistently demonstrates clear and concise written and verbal communication.
- Demonstrated problem-solving and analytical skills.
- Understanding of Information Security Frameworks such as NIST, ISO 27001, CISA preferred.
Responsibilities:
- Assist in the development and maintenance of an information security compliance program that aligns with the Bank's strategic objectives and industry best practices.
- Support the Senior Information Security Compliance Analyst in ensuring that the Bank's information security policies and procedures comply with all applicable laws, regulations, and standards, such as FERPA, HIPAA, GLBA, and PCI DSS.
- Participate in the identification and assessment of information security risks and assist in the development and implementation of risk mitigation strategies.
- Assist in conducting periodic security assessments and audits to ensure that the Bank's information security controls are effective and are being followed.
- Assist in the development and delivery of training and awareness programs to educate staff on information security best practices.
- Collaborate with IT and business departments to ensure that security controls are integrated into system development life cycle (SDLC) processes.
- Assist in assessments such as, but not limited to, Gramm-Leach-Bliley Act (GLBA) and Cybersecurity.
- Assist in managing and monitoring third-party risk, onboarding new third parties, performing internal risk assessments, and conducting the annual review of service organization controls reports.
- Participate in the Incident Response Process to detect, investigate and recover from security incidents, and assist with incident response plans, when applicable.
- Prepare reports, retrieve files and documents in response to audit requests and user access reviews.
- Execute and maintain a security awareness program designed to facilitate a safe computing environment for all associates, contractors, and other business partners (e.g., phishing campaigns, clean/clear desk assessments).
- Assist in maintaining Information Security relevant Key Performance Indicators – KPIs.
Desired Skills (not mandatory):
- Knowledge of programming languages and process automation tools (Python / PBI)
- Knowledge of collaborative/project management tools (Jira, Monday, Kanban)
- Certified Information Systems Auditor - CISA (ISACA) or Certified Information Systems Security Professional – CISSP (ISACA)
Language Skills:
- English
- Portuguese (preferred)
- Spanish (optional)
Equal Opportunity/Affirmative Action Employer, M/F/V/D
NO EMPLOYMENT AGENCIES, HEAD HUNTERS, EXECUTIVE SEARCH FIRMS OR REPRESENTATIVE CALLS PLEASE.