Senior Information Security Analyst Assurance

Job Description:

First American Bank was founded in Chicago, and over the years has expanded throughout Wisconsin and Florida. As the largest privately held bank in Illinois, we now have over 60 locations and assets of $5+ billion. We are a community bank at heart with international expertise, traditional values, and a forward-looking philosophy. Our employees have the experience and vision to meet the needs of savers, borrowers, and businesses in the 21st century. First American Bank can offer employees a level of visibility, career growth, and stability that is difficult to find in many larger corporations.

The Senior Information Security Analyst Assurance & Compliance is responsible for security assurance and compliance activities to achieve business goals by evaluating, deploying, and managing of security technologies. This individual is expected to have outstanding problem-solving skills, meticulous attention to detail, and a sound understanding of cybersecurity and the financial sector requirements. In addition, be fully aware of the enterprises security goals as established by the regulatory landscape, company policies, procedures, and guidelines and partner cross-functionally towards achieving and optimizing those objectives.

Duties & Responsibilities

• Lead Information Security Assurance & Compliance including cross functional assessments of information resources, processes, tools.
• Oversee application compliance cross functionally to ensure risks to the organization are identified and processed in accordance with the Information Security Risk Management Program.
• Partner with key stakeholders in the Business Units, Technology, Compliance, Internal Audit, Legal and Third Parties to review and provide security guidance on current and new processes, maintain evidence and artifacts for internal and external audits.
• Identify and analyze new and emerging requirements for policy impacts; develop and update policies, procedures, standards, and guidelines.
• Serve as the primary point of security assurance and compliance management activities, including but not limited to, analyzing, quantifying, validating, testing, and tracking identified information security compliance and risks as well as reviewing, documenting, and tracking risk exception requests and facilitating risk management discussions with key stakeholders.
• Manage and track cybersecurity audit engagements and due diligence activities. Utilize working knowledge of information security best practices to ensure sufficient IT controls are in place to meet our external audit and client requirements.
• Process Information Security due diligence requests and ensure compliance to policies, procedures, and regulations both internally and for third parties.
• Manage Information Security Awareness initiatives.
• Evaluate and recommend improvements to the companys information systems control environment, risk management and Information Security audit processes to reduce duplicate audit requests in addition to minimizing Process Owner dependency to obtain control evidence.
• Facilitate the ongoing management of Information Security Policies, Standards, Guidelines and Procedures and coordinate awareness cross functionally.
• Analyze and measure compliance objectives and foster initiatives with established Information Security policies and procedures by examining IT records, reports, operating practices, and documentation.
• Create and maintain dynamic dashboards and/or scorecard for visibility of Information Security Governance activities.
• Provide security recommendations to other team members, management, and business stakeholders for solutions, enhancements to existing systems, and new security tools to help mitigate security vulnerabilities and automate repeatable tasks.
• Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
• Assess system configurations of company solutions as per the established baselines, for those security systems solutions that are partially or wholly operated by the InfoSec team.
• Identify security requirements, based upon need or as the result of a security issue that puts organizations systems at risk.
• Participate in the monitoring all in-place security solutions for efficient and appropriate operations.
• Aid in the design and execution of vulnerability assessments, penetration tests and security audits.
• Participate in the identification of security breaches detected by security systems, and in the tracking, investigation, and resolution of these incidents.
• Performs other related duties as assigned by management.

Qualifications

• High school diploma or equivalent required. A degree in Information Technology/Computer Information Systems or related field preferred.
• CISSP, CISA, CISM, CEH, Security+ and / or similar certifications is a plus.
• Minimum eight years of experience supporting Information Security governance, risk & compliance programs to meet regulatory or compliance requirements. Background in Information Security, IT Risk Management, or IT Audit required.
• Strong understanding of security and control frameworks, such as FFIEC, NIST, COBIT, ITIL, ISO control framework.
• Experience with security program assessment, development, and management practices; including working with industry standards and frameworks (particularly the NIST Cybersecurity Framework, 800-53, NIST CSF. CIS Top 20, FFIEC Cybersecurity Assessment tool), GLBA preferred.
• Proven experience in proactively identifying potential Information Security controls risks, issues and opportunities through analytical thinking and offering sustainable recommendations that address root cause rather than symptoms.
• Strong understanding of information security standards, best practices for securing computer systems within applicable laws and regulations.
• Experience with Governance Risk & Compliance (GRC) tools and policy/procedure development.
• Experience working in a highly regulated industry (financial services or health care) desired.
• Familiarity with software development process and practice and banking technologies and applications a plus.
• High level of personal integrity, and the ability to professionally handle confidential matters while exuding appropriate level of judgment and maturity.
• Ability to blend exceptional attention to detail with an ability to retain strategic direction within a rapidly evolving entrepreneurial business culture. Ability to conduct research into security issues and products as required.
• Strong team player yet self-motivated and able to make progress independently.
• Highly organized with proven analytical and problem-solving abilities with ability to effectively prioritize and execute tasks in a high-pressure environment.
• Must be professional, comfortable speaking with external and internal contacts with a demonstrated ability to effectively tailor the message appropriately to the audience and situation.
• Demonstrated ability to convey thoughts and ideas effectively and succinctly via written formats, including emails, letters, and electronic platforms. Maintain professional standards relating to spelling and grammar.
• Maintain good working relationships with internal partners by exhibiting exemplary interpersonal skills, adopting a constructive, solutions-focused approach.
• Use sound professional judgment to balance the interests of the organization and customer, understanding and using available resources to mitigate risks.
• High proficiency with Microsoft 0365 products and applications, including the ability to effectively prepare or review documents, procedures, and reports.
• Experience with administration and architecture for one or more infrastructure technologies (networking, Windows OS, Linux OS, Active Directory, PKI, etc.) required.
• Working technical knowledge of several of the infrastructure technologies preferred (such as Active Directory, Server 2016 & 2019, Azure, 0365, and various AV products, Vulnerability Management).
• In-depth technical knowledge of and experience with one or more common security products and toolset (firewalls; intrusion prevention systems; web-security content management; authentication services; SEIM; etc. required).
• Working technical knowledge of wider a cross-section of the common security products and toolsets.
• Demonstrated ability to learn new systems and applications, as well as the ability to understand, adapt and adjust responsibilities/workflows because of system upgrades.
• Occasional travel to other First American Bank locations, Bank functions and training facilities may be required.
• This position is remote but does require occasional travel to various locations throughout the Bank's market.
• Typical hours are Monday through Friday 8:00 a.m. to 5:00 p.m. Additional hours may be required depending upon business need.
• Punctuality is required to maintain First American Banks customer service standards.