Information Security Analyst

Job Title: Information Security Analyst

This position is an on-site assignment (preferred).

Summary:

The Information Security (IS) Analyst is responsible for protecting the bank's digital assets and infrastructure (including cloud infrastructure) from cyber threats and managing information security risks in alignment with industry standards and regulatory expectations. This role involves monitoring systems, analyzing security incidents, conducting risk assessments, assisting with executing Identity & Access Management (IAM) processes, and ensuring compliance with regulatory requirements. The IS Analyst also assists with establishing sound governance functions and ensuring internal controls are operating effectively.

Wage Type: Salaried

Essential Duties & Responsibilities:

To perform this job successfully, an individual must be able to perform each of the essential duties satisfactorily. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Monitor and analyze security alerts from tools such as SIEM, IDS/IPS, DLP, and endpoint protection systems.
• Investigate and respond to cybersecurity incidents, including root cause analysis and remediation.
• Conduct vulnerability assessments and penetration testing; lead efforts to recommend mitigation strategies and ensure remediation plans are executed timely.
• Support Secure Development Lifecycle (SDLC) processes and ensure secure development processes are imbedded and enforced throughout the SDLC.
• Manage processes for securing the bank's cloud infrastructure, with a focus on Microsoft Azure and AWS.
• Monitor emerging (or changes to) regulatory requirements, threats, and industry trends, advising leadership on necessary changes and improvements Generate reports and metrics for management and regulatory bodies.
• Maintain and update IS policies, procedures, and standards in alignment with industry frameworks (i.e., NIST CSF 2.0) and regulatory requirements (FFIEC, GLBA, etc.).
• Develop and maintain security documentation, playbooks, and training materials.
• Manage and monitor security awareness, education, and training to employees.
• Perform internal and vendor IS risk assessments (including data privacy and other regulatory risk assessments). Lead remediation efforts of control gaps identified.
• Assist in the management and testing of the bank's Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) to ensure operational resiliency and rapid recovery in case of disruptions.
• Support centralized IAM governance and daily processing of access requests and provisioning.
• Manage IS metrics monitoring and reporting; Prepare reports and dashboards to communicate compliance performance to senior management and stakeholders; Monitor and report on the status of risk remediation activities.
• Support audits, inspections, and reviews conducted by regulators and external parties.
• Carries out responsibilities in a manner consistent with our values and operating principles, in accordance with policy and applicable laws, and with a commitment to commitment to continuous improvement and process excellence.
• Any other duties as assigned.

Key Deliverables:

• Satisfactory audit results and regulatory examinations.
• Timeliness and accuracy of risk assessments and reporting.
• Satisfactory and timely resolution of compliance incidents.

Organizational Structure:

Reports to: Director of Information Security

Supervises: NA

Qualifications:

Education:

• Bachelor's degree in Business Administration, Finance, Risk Management, Law, or a related field.
• Certifications such as CRISC, CISA, CISM, CISSP, or equivalent are preferred.

Required Knowledge/Skills:

• 2-4 years of experience in an IS or cybersecurity role, preferably in the banking or financial services sector.
• Familiarity with banking regulations, Interagency Information Security Standards and cyber security frameworks (e.g., NIST 2.0 CSF/RMF, PCI DSS, FFIEC, FDIC part 364 Appendix B, GDPR, etc.).
• Strong technical aptitude with Microsoft Azure and AWS Cloud Infrastructure with experience managing cloud security tools (i.e. Sentinel, Defender, Purview, AWS Security Hub and other native security tools, etc.)
• Strong analytical and problem-solving skills.
• Knowledge of risk assessment methodologies and compliance frameworks.
• Ability to manage multiple priorities and work collaboratively in a team environment.

Talents:

• Proactive and analytical professional with a strong understanding of regulatory compliance in the banking sector.
• Strong positivity.
• Mission driven, competitive, goal oriented, and motivated to develop themselves and others.
• Energetic, resourceful, and appropriate work intensity to get the work done
• Strong people acumen and relationship skills; Naturally pre-disposed to quickly establish positive personal and professional relationships.

Other:

• Ability to interpret a variety of instructions furnished in written, oral, diagram or schedule form.
• Must be able to lift to 20 pounds.

TransPecos Banks will not accept unsolicited resumes from any source other than the candidate. We will consider any candidate for whom an Agency submits an unsolicited resume, to have been referred to us by the Agency free of any charges or fees, other than those agencies we engage on a specific search. TransPecos Banks will not pay a fee for any placement resulting from the receipt of an unsolicited resume.