Tuesday, August 02, 2011

Security Jobs: Information Security Network Risk Analyst, Jackson, MS

Information Security Network Risk Analyst
MS – Jackson

This is an EXCITING OPPORTUNITY to join a leading bank’s Information Security team and contribute to the Technology Risk Management and Information Security program. This position reports to the Chief Information Security Officer and provides exposure to a wide range of the bank’s technology and business related activities. A successful candidate will have the responsibility of operating several key elements of the information security program, as well contributing to the technology risk assessment, security monitoring, forensics, and project related work. 

Candidate must have experience in an organization which worked under at least one of the following three compliance requirements: PCI, SOX, FFIEC. Knowledge of the FFIEC and the banking industry is definitely a plus. The primary purpose of the role is to provide ongoing review and recommendations for maintaining a secure corporate network. This position requires candidates to possess the technical skills and knowledge to evaluate an existing network infrastructure and make recommendations for improvements. This is often a fast moving environment, where decisions affecting security are required with minimal notice. Resulting in the incumbent having to be comfortable with making decisions without always having the entire picture. 

If you have a strong background in technology security, you will thrive in this role if you: 
- enjoy staying on top of security technologies 
- have a passion for protecting customer data from cyber threats 
- work well with both technical and non-technical management 

The daily routine of this position may include: 
- identifying and reporting of emerging vulnerabilities and evaluating potential risks 
- developing and managing vulnerability scans and providing remediation alternatives 
- contributing to the evaluation, development, and implementation of security standards for network devices 
- identifying and following up on issues of network abuse 
- developing recommendations for network security technologies 
- providing answers and/or guidance for various information security questions/incidents 

The purpose of this job includes overall responsibility for monitoring network infrastructure devices and reports for unauthorized access, security vulnerabilities, and maintaining a technology risk assessment process to identify risks associated with the Trustmark network devices, as well as making recommendations for correcting or mitigating those risks. Periodic network vulnerability assessments, searching the Internet for possible Phishing sites, oversight of the Patch Management process, and coordinating the annual external assessment are also important functions of this job, as well as the training of associates and assisting the manager as needed. 

  • Responsible for monitoring of event logs and escalating as appropriate to resolve suspected and detected incidents of network misuse 
  • Responsible for reviewing and reporting of vendor-related vulnerabilities (Patch Management) and, if necessary, assist the Information Technology group with prioritizing and escalating the implementation of updates to correct reported issues 
  • Responsible for overseeing the Information Security Technology Risk Assessment processes and reporting to management, including assisting Manager with creating the required Annual Board Reports regarding the Information Security Program 
  • Responsible for the development and implementation of network scans and providing vulnerability reports to management 
  • Responsible for monitoring, coordinating, and assisting with questions and changes pertaining to the bank's firewall and Intrusion Detection and Site Blocking systems 
  • Responsible for recommending steps to follow regarding possible investigations dealing with the misuse of network resources and unauthorized access to sensitive customer information within the bank's network and Service Provider locations and ensuring that the chain of custody is documented and maintained as appropriate

  • Broad knowledge of OCC and FFIEC regulations relative to a Financial Institution’s Information Security Program or comparable information security compliance requirements such as HIPAA 
  • General knowledge of requirements of 12 C.F.R. Part 30, Section 501b and the Interagency Guidelines Establishing Standards for safeguarding customer information preferred 
  • In-depth knowledge of multiple Operating Systems 
  • Broad knowledge of network infrastructure 
  • General knowledge of process for implementing software security patches 
  • General knowledge of the principles of risk assessment 
  • Broad knowledge of computer forensics 
  • Clear verbal communication skills 
  • Interpersonal skills with leadership potential 
  • Time management skills and experience in managing multiple tasks 
  • Writing skills related to management reporting 
  • Detail oriented 
  • Ability to use anti-virus tools in determining the existence of a virus on a network device 
  • Ability to develop and implement network security measures 
  • Ability to investigate information security incidents 
  • Four year college degree preferred 
  • Minimum of two-year college degree or equivalent network and/or client/server work experience required 
  • Security certifications required; Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or equivalent preferred 
  • Work experience related to network and/or information security required 
  • Work experience with installing operating systems and application software on end-user computing systems required 
  • Work experience in implementation of client/server policies using best practices 

SecurityRecruiter.com's Security Recruiter Blog