Job Title: Senior Information Security Analyst
FLSA Status: Exempt
Department: Information Security
Hours of Operation: Monday - Friday 8:00 AM - 5:00 PM (Unless otherwise approved)
45+ hours per week, On-call after hours

Organizational Duties and Responsibilities:
Supports the mission, vision, and philosophy of the Bank.
Complies willingly with all organizational policies and procedures.
Supports all functions that maintain compliance with regulatory agencies.
Complete relevant annual training upon approval by the Director of Information Security.

General Job Summary:
The Senior Information Security Analyst is responsible for safeguarding the organization's information assets by implementing and managing advanced security measures. The role encompasses vulnerability management, patch management oversight, email security, data loss prevention (DLP), anti-virus and endpoint detection and response (EDR) systems, security monitoring, incident response, and comprehensive reporting. The incumbent is expected to ensure regulatory compliance, mitigate security risks, and enhance the organization's overall security posture through proactive measures and collaboration with cross-functional teams.

Essential Duties and Responsibilities:

Vulnerability Management:
Conduct regular vulnerability assessments and penetration testing across systems and networks.
Analyze and prioritize vulnerabilities; develop and implement remediation plans.
Collaborate with IT and development teams to address security weaknesses.
Stay current with emerging vulnerabilities and threat landscapes.

Patch Management Oversight:
Lead and manage the patch management process for software and hardware components.
Coordinate with system administrators and vendors to ensure timely application of patches.
Develop and enforce patch management policies and procedures.
Monitor patch deployment effectiveness and address implementation issues.

Email Security:
Implement and manage email security solutions to protect against phishing, spam, and malware.
Monitor email systems for security threats and respond promptly to incidents.
Develop policies and train staff on secure email practices.

Data Loss Prevention (DLP):
Deploy and maintain DLP solutions to prevent unauthorized access or disclosure of sensitive data.
Define and enforce DLP policies; monitor compliance.
Investigate and address DLP alerts and incidents.

Anti-Virus/Endpoint Detection and Response (EDR):
Manage anti-virus and EDR systems across all endpoints to detect and mitigate security threats.
Ensure endpoints are protected with up-to-date security software and definitions.
Respond to security alerts from anti-virus and EDR systems; coordinate remediation efforts.

Security Monitoring and Incident Response:
Monitor security systems, including SIEM tools and intrusion detection systems.
Analyze security logs to identify potential threats and anomalies.
Perform privileged access management, enforcing least privilege principles and monitoring access controls.
Participate in incident response activities, including investigation, containment, and recovery.
Document incidents and implement improvements to prevent recurrence.

Reporting:
Prepare detailed security reports for management and stakeholders.
Develop metrics and dashboards to measure the effectiveness of security initiatives.
Communicate security issues and recommendations to technical and non-technical audiences.

Compliance and Policy Enforcement:
Ensure adherence to all relevant security policies, standards, and regulatory requirements.
Assist in developing, reviewing, and updating information security policies and procedures.
Support internal and external audits; address compliance gaps.

Security Awareness and Training:
Contribute to security awareness programs; develop training materials and deliver presentations.
Educate employees on best practices and emerging threats.

Additional Duties:
Evaluate and recommend security technologies and solutions.
Stay informed about cybersecurity trends and best pra