Sr. Information Security Analyst

Job Category: Technology and IT
Job Type: Full Time
Job Location: USA

Company Overview
Headquartered in New York City, Social Capital Resources is a specialized recruiting firm committed to serving the dynamic needs of both clients and candidates across the Financial Services, Finance & Accounting, FinTech, and Technology sectors.

At Social Capital, we embrace the philosophy that “It’s not just who you know—it’s who you get to know.” We focus on building and nurturing long-term relationships that extend far beyond the hiring process. Our approach is rooted in the concept of “social capital”—the valuable network of relationships that drives collaboration, productivity, and success within organizations.

We understand that assembling the right team is one of the most critical steps toward operational excellence. That’s why we partner closely with our clients to identify and secure top-tier talent, while also guiding professionals in advancing their careers with purpose and fulfillment.

Our client portfolio includes a diverse range of organizations—from investment banks, hedge funds, and private equity firms, to investment managers, public accounting firms, Fortune 1000 companies, FinTech innovators, and emerging technology startups. With deep industry expertise and a personalized approach, we deliver tailored recruitment solutions that empower our partners to thrive.

Position Overview:
As a Senior Information Security Analyst, you will play a critical role in safeguarding the organization’s infrastructure and data. Acting as a strategic risk manager, you will identify, assess, and escalate security risks while working closely with IT Infrastructure and Security teams to implement and maintain robust security practices. This role is ideal for a proactive and detail-oriented professional with a strong background in security operations, governance, risk management, and compliance.


Key Responsibilities:

  • Develop, maintain, and update comprehensive information security manuals and documentation.

  • Monitor and manage Data Loss Prevention (DLP) tools such as Trellix ePO and TMS to ensure secure data handling.

  • Utilize Spirion to detect Personally Identifiable Information (PII) and ensure compliance with the data retention policy.

  • Administer Privileged Access Management (PAM) systems and generate routine access reports.

  • Lead weekly IT security meetings to review vulnerabilities, software patches, and security tool alerts.

  • Stay informed on emerging threats through feeds like Qualys Threat Protection and CISA alerts, and coordinate proactive remediation efforts.

  • Collaborate with control owners to address and remediate compliance deficiencies; monitor and track remediation status.

  • Drive the evolution and maturity of the organization’s Information Security Program through strategic planning and continuous improvement.

  • Support risk assessments and mitigation strategies for infrastructure, applications, platforms, and third-party vendors.

  • Regularly update and report risk and remediation status to executive stakeholders, including the CISO and CRO.

  • Conduct vulnerability assessments using tools such as Qualys, and work with stakeholders to address discovered issues.

  • Prepare and deliver daily, weekly, and monthly security reports to track incidents and ensure timely resolution.

  • Lead internal risk assessments, audits, and policy governance efforts, with a focus on aligning practices within a financial services environment.

  • Assist in aligning security controls with internal policies and regulatory requirements, ensuring effective testing and coverage.

  • Monitor daily system and security logs for signs of malicious activity or unusual behavior.

  • Review and authorize firewall rule changes through Tufin.

  • Analyze system events using AlienVault SIEM, follow up on anomalies, and initiate appropriate responses.

  • Monitor network activity and identify threats using TippingPoint IPS.

  • Liaise with vendors to maintain and troubleshoot security systems and tools as needed.


Qualifications:

  • Minimum of 5 years of experience in information security governance, risk management, and compliance.

  • Bachelor’s degree in Information Technology, Cybersecurity, or a related field.

  • Professional security certifications (e.g., CISSP, CISA, CISM, CEH) are preferred but not required.

  • Solid knowledge of industry-standard security frameworks and regulations, including NIST, SOC 2, ISO, FFIEC, and NYDFS Part 500.

  • Strong verbal, written, and presentation skills; fluency in English required.

  • Experience with Governance, Risk, and Compliance (GRC) tools, particularly RSA Archer.

  • Proficiency in Microsoft Office tools for reporting and documentation.


Benefits:

  • Medical, Dental, and Vision Insurance

  • 401(k) Retirement Plan

  • Paid Maternity Leave

  • Commuter Benefits

  • Disability Insurance
