CYBER SECURITY ANALYST CORP. IT SECURITY FIRSTBANK PR

Job description

CYBER SECURITY ANALYST

FIRSTBANK


Our Company
At FirstBank PR, we strive to be a trusted advisor to our clients and our employees are the ones that ensure we deliver on our promise of excellence in personalized customer service.

Our more than 3,100 employees in Puerto Rico, the Virgin Islands and Florida share a passion for excellent customer service.

We are proud of our team because they are continuously surpassing our client’s expectations.

Do you have a passion for helping customers, building relationships, and delivering extraordinary, personalized customer service?

If your answer is yes, FirstBank is the number one place for you.



A Brief Overview:

The Cyber Security Analyst is responsible for assisting the IT Security Manager and the Chief Information Security Officer (CISO) in identifying, mitigating, and responding to Information Security risks.

As part of the functions, this role will perform complex analysis of high impact and sensitive systems to determine the appropriate security approach based on anticipated threat vectors.

Conduct cybersecurity key management tasks and strategies allowing the integration of cyber operations consistent with FirstBank’s cybersecurity posture.
The Cyber Security Analyst will be part of the Corporate Security Office (CSO) which is responsible of managing the Bank’s Information Security strategy such as developing IT standards, policies, and procedures, to comply with applicable laws/regulations and industry best practices.

What You’ll Need to Succeed:

+ Responsible for the management and oversight of the organization’s firewall infrastructure, ensuring robust security measures are in place, conducting regular audits, and implementing updates and modifications to maintain the integrity of the network security systems.



+ Provide feedback regarding cyber security in the development/update of Information Security (IS) policies, procedures, standards, and guidelines


+ Assist the IT Security Manager and/or Chief Information Security Officer (CISO) as necessary to respond and mitigate cybersecurity risks for internal control improvement


+ Assist in the selection and tailoring of approaches, methods and tools to support service offerings to applicable business units


+ Oversight and monitor of critical Information Technology / Information Security third party service providers and monitoring compliance of agreed-upon contracts/terms


+ Coordinate Penetration Tests and Vulnerability Scans and evaluate results to proactively identify and fix security flaws and vulnerabilities.


+ Responsible for assessing and prioritizing vulnerabilities utilizing a risk-based approach to expedite the remediation process


+ Manage and serve as the custodian of all risk response efforts regarding the Vulnerability Management process


+ Actively participate in the Vulnerability Management Board (VMB) and oversight of the Patch Management efforts to provide feedback and best practices to remediate any outstanding risks/flaws


+ In conjunction with the ERM Department, active participant in the Incident Response Process to detect, investigate and recover from security incidents as well as assisting with incident response plans (when applicable)


+ Work in conjunction with the IT Risk Management unit in the execution of the Cyber Security Risk Assessment

+ Periodically report on the Cyber Security Posture of the Corporation to Senior and Executive Management


+ Perform research and analysis of emerging and disruptive Information Technology / Information Security trends and tendencies that may affect the Corporation

+ Conduct intelligence analysis of external threats targeting the financial industry as well as leverages internal data stores in order to gauge the potential impact on business operations.


+ Monitor vulnerability notices and provide engineering support for security patch distribution.



What You’ll Need:

+ A bachelor’s degree in information technology, Computer Science, engineering, or business is required for this position.

+ The incumbent must have at least 3-6 years of Information Security experience or experience in a similar position within the Banking Industry.



+ CISSP, CISM or any other similar certification is highly desired but not required.

+ A master's degree in computer science, information systems, engineering, or MBA is desired but not required.
Strong understanding of Information Security Frameworks such as COBIT 5, ISO 27000, NIST, and others is required.




+ Exercise excellent written communication skills with direct experience drafting guidance documentations

+ Understand complex business and Information Technology / Information Security processes

+ Familiarity with vulnerability assessment and penetration testing best practices

+ Understand and be proficient in common cyber threat terminology, methodologies, possess basic understanding of cyber incident and response, and related current events

+ Knowledge in databases, Web Applications, Network and communication Infrastructure, operating systems (ex.

IBM, Unix, Linux and Windows), security technologies (firewalls, IDS/IPS, etc.)

+ Strong working knowledge of Information and System Security, internal control frameworks such as: COBIT, ISO 27000, NIST, etc.

+ Understanding of Information Technology knowledge within the Banking Industry

+ A strong understanding of Information Security regulatory requirements and compliance issues, previous experience with applicable regulations from the FDIC, FFIEC, SOX, etc.

+ Capable of working with minimum supervision

+ Strong analytical skills and problem-solving skills



EQUAL EMPLOYMENT OPPORTUNITY EMPLOYER

Required Skill Profession

Other General