Information Security Analyst

United Financial Bank

Hartford, CT

Industry: Accounting, Finance & Insurance

5 - 7 years

Posted 31 days ago

Description

United Bank is seeking an Information Security Analyst to join our busy and growing Information Security Department in Hartford, CT. The primary role of the Information Security Analyst is to design, implement and manage the Bank’s integrated risk management (IRM) software. This unique opportunity brings the candidate in on the “ground floor” with the newly acquired IRM software. The position is responsible for developing the United Bank IRM program to integrate risk and governance areas across the Bank and enabling improved business decisions with real-time risk intelligence. As Information Security Risk Analyst, the incumbent will be responsible for risk and governance process automation and integration to streamline risk management processes and provide a holistic, enterprise-wide view of risk.

In addition, the Information Security Analyst coordinates and oversees the execution of comprehensive IT/IS/cybersecurity risk assessments using the Bank’s IRM software. The Information Security Analyst will prepare management and Board-level reports using appropriate business and technical language and include supporting analysis and statistics. The role supports the Bank’s Information Security Program, section 501(b) of the Gramm-Leach-Bliley Act and the Interagency Guidelines Establishing Information Security Standards.

The Information Security Analyst is expected to advise and influence technology and business personnel regarding the value of and methods for safeguarding information, applications, systems, infrastructure, and business activities.

ESSENTIAL FUNCTIONS of the POSITION

  • Create, document and maintain the United Bank Integrated Risk Management Program in consultation with the Information Security Officer and Director of Enterprise Risk Management and using industry frameworks (NIST, COBIT, FFIEC Cybersecurity Assessment, etc.).
  • Design, build, test and implement risk assessments and other Information Security/risk processes using the Bank’s Integrated Risk Management software.
  • Coordinate, oversee and evaluate risk assessments, including the FFIEC Cybersecurity Assessment, performed by personnel in various business units.
  • Demonstrate a strong understanding of information security, risk management, governance and business process management.
  • Stay knowledgeable of current threats to information and information technologies.
  • Assess adequacy of controls to protect sensitive information.
  • Develop and sustain collaborative relationships with United Bank Management and project teams through periodic and effective communications.
  • Prepare written reports using appropriate business and technical language supported by statistics and detailed analysis.
  • Interact with auditors and examiners.
  • Assist in developing cybersecurity awareness training material.
  • Lead information security-related projects as assigned.
  • Represent and promote the image of the Information Security department periodically at Management Risk Committee and other committee meetings and in daily interactions.
  • Maintain frequent communication with the Information Security Officer.

KEY SKILLS, EXPERIENCE AND KNOWLEDGE:

  • Proven experience with business process management, risk management and IT or Information Security.
  • In-depth knowledge of CIS controls and standards (NIST, COBIT, etc.) in the financial services industry.
  • Proven history of driving improvement in business processes, workflow and technology.
  • Skilled in planning and prioritizing.
  • Excellent written and verbal communication skills.
  • Strong interpersonal and communication skills with ability to work effectively with a wide range of constituencies.
  • Ability to educate, negotiate and advise on matters regarding Information Security and Risk Management.
  • Analytical and objective critical thinking skills.
  • Ability to gather data, compile information, represent data in graphs and charts and prepare reports with detailed analysis.

OTHER FUNCTIONS of the POSITION:

All employees are subject to the requirements of the United Bank BSA Program. An employee’s role with United Bank determines which parts of the program apply. However, all employees are responsible for reporting suspicious activity identified in the course of their work, and all employees are responsible for the timely completion of mandatory compliance training assigned, such as BSA and OFAC.

The above duties may not be all-inclusive. The incumbent may be asked or required to perform other work as time and abilities allow.

DISTINGUISHING CHARACTERISTICS of the POSITION:

Judgment: The position requires considerable knowledge of information security, information technology, business process management, the Bank’s Information Security Program, applicable policies and section 501(b) of the Gramm-Leach-Bliley Act. Judgment and initiative are required in translating authoritative guidance into practice, in staying abreast of emerging threats and corresponding solutions and in management reporting.

Complexity: The complexity of duties and responsibilities of this position ranges from moderate to high, requiring technical expertise, business process management skills, an understanding of risk management and internal controls, and excellent communication skills.

Impact of Errors: Integrity of the data and workflow of the Integrated Risk Management software is critical to the success of the IRM program. Errors or mishandling of security-related information and/or events may result in significant expense, financial loss, and/or damage to the Bank’s reputation.

Interpersonal Relationships: Work involves frequent interaction with IT and management and requires strong verbal and written communication skills, persuasiveness and confidence. The position requires the ability to support arguments with facts. The position involves frequent communications with peers, staff members, all levels of management, auditors, examiners, and vendors and requires persuasiveness, discretion, initiative, and diplomacy.

QUALIFICATIONS for the POSITION:

Education: Bachelor’s degree in a related field is required. Ideally, a degree in computer science, Information/Cybersecurity or other related field. Professional certifications (e.g. Six Sigma, CISSP, CISA, CGEIT, CRISC, etc.) preferred.

Experience: Five or more years’ experience in Information Security, Risk Management, IT Audit or IT at a regulated institution, preferably at a Bank, accompanied by at least 2 years’ experience in business process management and/or workflow management software.

Physical Requirements: Ability to communicate effectively and distill complex situations through presentations and individual discussions with managers, employees and vendors. Eyesight and hearing at a level that does not interfere with responsibilities. Mobility to move within the Bank.

  • Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.

Requisition Number 19-0011