Information Security Analyst

Hanover Bank

$79K — $87K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's Degree in Computer Science, Cybersecurity, Information Technology, or related field
  • Foundational security certification (e.g., CompTIA Security+, ISC2 CC, or SSCP)
  • 1-3 years of relevant experience in information security or IT auditing
  • Technical proficiency with security products (firewalls, IDS/IPS, SIEM, EDR)
  • Understanding of GRC (Governance, Risk, and Compliance) frameworks

Responsibilities

  • Assist in developing and maintaining an Information Security Program compliant with regulations
  • Monitor global and regional financial regulations to ensure proactive compliance
  • Serve as a point of contact for internal and external audits
  • Develop security risk assessments to evaluate risks and control effectiveness
  • Implement a documented asset inventory for upcoming regulatory requirements
  • Evaluate security during vendor selection and consult on new products
  • Classify data to ensure proper handling protocols and security measures
  • Maintain security tools to monitor vulnerabilities and incidents
  • Administer identity and access management protocols and reviews
  • Coordinate incident response planning and manage active security events
  • Oversee the Business Continuity Plan and Disaster Recovery program
  • Execute the security awareness program and employee training

Benefits

  • Medical, Dental, and Vision insurance with various plan options
  • Company-paid Life, Long-Term Disability, and Accidental Death & Dismemberment Insurance
  • 401(k) Plan with Company Match
  • Paid Personal Time Off and Company Holidays
  • Annual performance bonuses and salary increases
  • Employee engagement through sponsored events and recognition programs
Full Job Description
Job Type

Full-time

Description

Location: Mineola, NY

Job Summary:

Hanover Bank is looking for a full-time Information Security Analyst to join our team.

Job Duties & Responsibilities
  • Program Maintenance: Assist the ISO/ISM in developing and maintaining an Information Security Program aligned with GLBA, FDICIA, SOX, FFIEC, FACTA, and the NYDFS 23 NYCRR 500.
  • Regulatory Monitoring: Stay current on global and regional financial regulations and technology trends to ensure proactive compliance and program evolution.
  • Audit Management: Serve as a point of contact for internal and external audits, ensuring timely and accurate responses to all requests.
  • Enterprise Assessments: Develop and maintain security risk assessments that evaluate inherent risks, control effectiveness, and residual risk levels.
  • Asset Management: Implement and maintain a comprehensive, documented information system asset inventory as required by 2025 NYDFS updates.
  • Vendor and Project Risk: Evaluate security controls during vendor selection (Third-Party Risk Management) and consult on new product development to ensure "security by design".
  • Data Classification: Partner with various business units to classify data according to sensitivity and ensure appropriate handling protocols.
  • Threat Detection: Maintain and tune security tools to monitor for vulnerabilities and potential breaches, providing real-time alerting for the Bank's network.
  • Access Control: Administer identity and access management (IAM) protocols, including the enforcement of Multi-Factor Authentication (MFA) and regular reviews of privileged access.
  • Remediation: Collaborate with Information Technology teams to remediate identified security issues and review technical changes for adherence to best practices.
  • Incident Management: Coordinate incident response planning, including the development of alerting and escalation procedures and managing the response to active security events.
  • Business Resilience: Manage and oversee the Bank's Business Continuity Plan (BCP) and Disaster Recovery (DR) program, including leading annual Business Impact Analyses (BIA) and recovery testing.
  • Security Education: Handle the execution of the security awareness program by creating educational content, conducting phishing simulations, and delivering presentations on employee obligations.
  • Strategic Reporting: Produce security KPI metrics and trend analysis reports for management to demonstrate the current state of the Bank's security posture.


Professional Requirements:

Education
  • Bachelor's Degree: Required in Computer Science, Cybersecurity, Information Technology, or a related technical field. Equivalent professional experience may be considered.

Certifications
  • Foundational (Required): Must possess or be actively working toward a foundational security certification such as CompTIA Security+, ISC2 Certified in Cybersecurity (CC), or SSCP.
  • Advanced (Preferred): Possession of, or eligibility for, advanced certifications such as CISSP (Associate status acceptable), CRISC, or CISA is highly desirable.

Experience
  • Minimum Experience: 1-3 years of experience in information security, IT auditing, or network administration, preferably within the financial services sector
  • Technical Proficiency: Demonstrated experience with security technologies (firewalls, IDS/IPS, SIEM, EDR) and a solid understanding of GRC (Governance, Risk, and Compliance) frameworks


Skills and Abilities:
  • Communication Skills: Strong interpersonal skills with the ability to effectively communicate complex technical concepts to non-technical stakeholders (e.g., Board members, employees).
  • Analytical Abilities: Excellent problem-solving, analytical skills, and detail-oriented approach to all tasks.
  • Technical Proficiency: Strong technical knowledge across core security domains:
  • Infrastructure: Network security, cloud security, and endpoint protection.
  • Operations: Security Information and Event Management (SIEM) and Security Operations Center (SOC) systems.
  • Development: Application security principles.
  • Adaptability: Ability to adapt to evolving information technology and threat landscapes.
  • GRC Capabilities: Proven ability to perform vendor and system cybersecurity risk assessments.
  • Program Management:
  • Experience running information security awareness and training programs.
  • Experience planning and coordinating business continuity and disaster recovery tests.
  • Time Management: Ability to prioritize and execute tasks efficiently within required time frames.


Our Benefits:

Health & Wellness Benefits
• Medical, Dental, and Vision insurance (with HSA, FSA, and Commuter Benefits options)
• Company-paid Life Insurance and Accidental Death & Dismemberment (AD&D)
• Company-paid Long-Term Disability Insurance

Voluntary Benefits
• Additional Life and AD&D Insurance for employee, spouse, and dependents
• Voluntary Short-Term Disability Insurance
• Pet Insurance
• Legal Services Plan
• Accident Insurance
• Hospital Indemnity Insurance
• Cancer Care Insurance

Retirement
• 401(k) Plan with Company Match

Time Off & Recognition
• Paid Personal Time Off (PTO)
• Paid Company Holidays
• Annual Performance Bonuses
• Annual Salary Increases

Employee Engagement
• Company-sponsored Events
• Employee Contests and Recognition Programs

*As a part-time employee, you may not be eligible for all of the above benefits. (include this if it is a part-time position).

Hourly Rate : $38-42/ hour ; placement within this range will vary based on experience and skill level.

Salary Description

$38-42/ hour

Similar Jobs

More Information Technology Jobs

Find similar Information Security Analyst jobs: