Senior Information Security Analyst

Webster Bank   •  

New Britain, CT

Less than 5 years

Posted 308 days ago

This job is no longer available.

If you're looking for a meaningful career, you'll find it here at Webster. Founded in 1935 by Harold Webster Smith, our focus has always been to put people first--doing whatever we can to help individuals, families and businesses achieve their financial goals. And while we've grown into a leading commercial bank, we remain passionate about serving our customers, supporting our communities, and making a difference in people's lives. We can make a difference in your life, too. By empowering you to build the meaningful career you've been looking for.

Responsibility, respect, trust, teamwork and citizenship are the values on which Webster was founded. Together we call them The Webster Way, and they are what set us apart as a bank and an employer. Guided by these values, we put people first - working hard to live up to our customers, and each other, every day.

Senior Information Security Analyst (Risk and Vendor Management) Job Posting

The Senior Information Security Analyst will support Corporate Information Security (CIS) and Webster Bank's line of business and technical operations departments. The Senior Information Security Analyst will be responsible for providing Webster Bank associates and customers the highest quality Cyber and Information Technology Security solutions and support.

This position's PRIMARY responsibilities will include the following:

  • Provide focused Information Security support and guidance to the Webster business and IT operations staff 
  • Conducting Information Security assessments on all information security assets (internal and external) to determine and disseminate risk rating and compliance associated with protecting data integrity, confidentiality, and availability. 
  • Evaluate risk exposure and remediation as well as identifying, reporting, and resolving security violations. 

This position's ALTERNATE responsibilities may include the following:

  • Coordinate, provide oversite, and support external audits, examinations, and tests relating to the Information Security Program 
  • Perform initial, changes to, and periodic asset security risk assessments. Assessments include both internal and external information security assets 
  • Assess and report risk on customer facing applications supporting compliance with FFIEC Guidance for Authentication in an Internet Banking Environment 
  • Conduct internal and external site visits and external security program reviews as required 
  • Accurately report results of assessments and track status, follow-up, and process responses to remediation and security requirements 
  • Work with asset managers / owners to assure remediation plans are adequate and efficient 
  • Provide oversight and coordination of remediation efforts to address identified weaknesses. 
  • Identify the controls needed to ensure the confidentiality integrity and availability of information assets 
  • Ensure information security controls and gaps are appropriately associated with information security threats, vulnerabilities, and information assets 
  • Evaluate risk exposure and remediation as well as identifying, reporting, and resolving security violations. 
  • Identify areas of non-compliance and make recommendations for achieving compliance 
  • Partner, educate, and consult the Webster lines of business on asset risks 
  • Utilize Enterprise Governance, Risk and Compliance tools and frameworks to complete work 
  • Coordinate and provide responses to Webster Business Partners and Prospects' requests about the information security program and practices 
  • Support and manage requests for validation of Webster's Information Security Program 
  • Work with members of the Legal team to assist with Information Security contract language 
  • Ensure adequacy for Information Security activities such as documentation and classification relating to policies, standards, and regulatory and legal compliance (OCC, CFPB, GLBA, HIPAA, PCI, FFIEC), 
  • Provide technical guidance and consult on the implementation of Information Security controls. 
  • Analyze, monitor, and escalate security events 
  • Support the Incident Management Program as required 
  • Consult with Information Security NetworkArchitect to ensure safe and secure network environments and configurations of Webster's assets 
  • Monitor legal and regulatory changes; identify and disseminate gaps in security program coverage and business processes 
  • Support Webster lines of business executing their initiatives on time and in a secure fashion 
  • Research emerging technologies in support of security enhancement and development efforts 
  • Demonstrate compliance with all bank regulations for assigned job function and apply to designated job responsibilities 
  • Provide security awareness articles as requested.


  • At minimum a bachelor's degree in computer science, mathematics, engineering or five years of comparable work experience.
  • 3-5 years' experience in Information Technology 
  • 3-5 years' experience in Information Security 
  • This position requires at least one of the following certifications: Security +, CEH, CISSP, CRISC, CISM, PCIP, GCIH or equivalent 
  • Experience and knowledge of Information Security and risk management principles.


  • Must be highly analytical and effectively able to troubleshoot and prioritize needs, requirements and other issues. 
  • Have excellent communications, teamwork, and leadership skills. 
  • Because of the constant developing nature of information systems and cyber-attacks, must be committed to continuous learning and development.