The Information Security Analyst is a member of the Compliance and Risk Management team, working closely with the Information Security Officer and IT Security department. Performs monitoring of key system access changes to ensure compliance with policy and best practices as well as monitoring of reported suspicious e-mails for potential phishing. Manages the Bank's social engineering and phishing testing and provides associated security training. Assists with information security risk assessments. This role requires a knowledge of information security best practices to advise on and assist with the Bank's compliance with security and privacy requirements.
Essential Duties & Responsibilities
Perform monitoring of key system access changes and advise IT personnel and business management on access policies and best practices.
Monitor, research, and respond to employee and consumer reported suspicious e-mails, and assist with phishing email escalation and handling.
Plan and perform Bank social engineering and phishing exercises, coordinating with third-party provider as needed. Report exercise results to management. Provide related security awareness and training to employees.
Assist with information security risk assessments, such as GLBA-required information security assessments and eBanking risk assessment. As needed, work directly with IT and business management to assess and advise on information security risks.
Perform other duties as assigned.
Participate in proactive team efforts to achieve departmental and company goals.
Must comply with current applicable laws, regulations and bank policies and procedures. Comply with all safety policies, practices and procedures. Report all unsafe activities to supervisor and/or Human Resources.
Experience
At least two years of related experience.
Education/Certifications/Licenses
A high school degree or equivalent required, and additional industry certification related to information security or cybersecurity required (e.g., CISM, CISA, CISSP, Security+).
Skills
Working knowledge of information security and cybersecurity best practices.
Excellent analytical and organizational skills.
Ability to apply basic to intermediate math skills, including use of computer spreadsheets and databases. Must be familiar with Microsoft Office and similar applications for compilation and presentation of daily tasks. Microsoft Excel experience required, with advanced Excel experience preferred.
A significant level of trust and diplomacy is required to be an effective subject matter expert in the position. In-depth dialogues, conversations and explanations with employees, direct and indirect reports, and outside vendors of a sensitive and/or highly confidential nature are a normal part of the daily activities. Communications can involve motivating, influencing, educating and/or advising management and employees on matters of significance related to information security.
CapFed® is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.