Job Type
Full-time
Description
Location: Mineola, NY
Job Summary: Hanover Bank is looking for a full-time Information Security Analyst to join our team.
Job Duties & Responsibilities- Program Maintenance: Assist the ISO/ISM in developing and maintaining an Information Security Program aligned with GLBA, FDICIA, SOX, FFIEC, FACTA, and the NYDFS 23 NYCRR 500.
- Regulatory Monitoring: Stay current on global and regional financial regulations and technology trends to ensure proactive compliance and program evolution.
- Audit Management: Serve as a point of contact for internal and external audits, ensuring timely and accurate responses to all requests.
- Enterprise Assessments: Develop and maintain security risk assessments that evaluate inherent risks, control effectiveness, and residual risk levels.
- Asset Management: Implement and maintain a comprehensive, documented information system asset inventory as required by 2025 NYDFS updates.
- Vendor and Project Risk: Evaluate security controls during vendor selection (Third-Party Risk Management) and consult on new product development to ensure "security by design".
- Data Classification: Partner with various business units to classify data according to sensitivity and ensure appropriate handling protocols.
- Threat Detection: Maintain and tune security tools to monitor for vulnerabilities and potential breaches, providing real-time alerting for the Bank's network.
- Access Control: Administer identity and access management (IAM) protocols, including the enforcement of Multi-Factor Authentication (MFA) and regular reviews of privileged access.
- Remediation: Collaborate with Information Technology teams to remediate identified security issues and review technical changes for adherence to best practices.
- Incident Management: Coordinate incident response planning, including the development of alerting and escalation procedures and managing the response to active security events.
- Business Resilience: Manage and oversee the Bank's Business Continuity Plan (BCP) and Disaster Recovery (DR) program, including leading annual Business Impact Analyses (BIA) and recovery testing.
- Security Education: Handle the execution of the security awareness program by creating educational content, conducting phishing simulations, and delivering presentations on employee obligations.
- Strategic Reporting: Produce security KPI metrics and trend analysis reports for management to demonstrate the current state of the Bank's security posture.
Professional Requirements: Education
- Bachelor's Degree: Required in Computer Science, Cybersecurity, Information Technology, or a related technical field. Equivalent professional experience may be considered.
Certifications
- Foundational (Required): Must possess or be actively working toward a foundational security certification such as CompTIA Security+, ISC2 Certified in Cybersecurity (CC), or SSCP.
- Advanced (Preferred): Possession of, or eligibility for, advanced certifications such as CISSP (Associate status acceptable), CRISC, or CISA is highly desirable.
Experience
- Minimum Experience: 1-3 years of experience in information security, IT auditing, or network administration, preferably within the financial services sector
- Technical Proficiency: Demonstrated experience with security technologies (firewalls, IDS/IPS, SIEM, EDR) and a solid understanding of GRC (Governance, Risk, and Compliance) frameworks
Skills and Abilities:- Communication Skills: Strong interpersonal skills with the ability to effectively communicate complex technical concepts to non-technical stakeholders (e.g., Board members, employees).
- Analytical Abilities: Excellent problem-solving, analytical skills, and detail-oriented approach to all tasks.
- Technical Proficiency: Strong technical knowledge across core security domains:
- Infrastructure: Network security, cloud security, and endpoint protection.
- Operations: Security Information and Event Management (SIEM) and Security Operations Center (SOC) systems.
- Development: Application security principles.
- Adaptability: Ability to adapt to evolving information technology and threat landscapes.
- GRC Capabilities: Proven ability to perform vendor and system cybersecurity risk assessments.
- Program Management:
- Experience running information security awareness and training programs.
- Experience planning and coordinating business continuity and disaster recovery tests.
- Time Management: Ability to prioritize and execute tasks efficiently within required time frames.
Our Benefits: Health & Wellness Benefits• Medical, Dental, and Vision insurance (with HSA, FSA, and Commuter Benefits options)
• Company-paid Life Insurance and Accidental Death & Dismemberment (AD&D)
• Company-paid Long-Term Disability Insurance
Voluntary Benefits• Additional Life and AD&D Insurance for employee, spouse, and dependents
• Voluntary Short-Term Disability Insurance
• Pet Insurance
• Legal Services Plan
• Accident Insurance
• Hospital Indemnity Insurance
• Cancer Care Insurance
Retirement• 401(k) Plan with Company Match
Time Off & Recognition• Paid Personal Time Off (PTO)
• Paid Company Holidays
• Annual Performance Bonuses
• Annual Salary Increases
Employee Engagement• Company-sponsored Events
• Employee Contests and Recognition Programs
*As a part-time employee, you may not be eligible for all of the above benefits. (include this if it is a part-time position).
Hourly Rate : $38-42/ hour ; placement within this range will vary based on experience and skill level.
Salary Description
$38-42/ hour