Berkshire Bank
Overview
AVP, Sr. Information Security Analyst role at Berkshire Bank.
Division: Risk Management
Department: Information Security
Reports to: SVP, Information Security Officer
Status: Exempt/Officer
Grade: 11
Salary Range: $66,699 - $141,734
Location: Hybrid within MA, CT, NY, VT, RI
Actual compensation within the pay range will be decided based on factors including, but not limited to, skills, prior relevant experience, and specific work location.
Purpose / Objective
The AVP, Sr. Information Security Analyst is an experienced team member responsible for monitoring, detecting and responding to cybersecurity threats and incidents. This role requires advanced knowledge and experience in analyzing, triaging, responding to and resolving investigations and incidents. Using a variety of commercial and open-source tools, the AVP, Sr. Information Security Analyst will investigate alerts, review log data and run specialized queries to analyze events quickly and execute response actions. The role works with multiple technologies, including SOAR, SIEM, endpoint devices, applications, network devices, cloud infrastructure and threat intelligence feeds. As a senior member of the team, the analyst will handle escalations, support less-experienced team members and manage more-challenging incidents in the queue. The role mentors other team members to strengthen the team's capabilities and identifies opportunities to automate repetitive tasks to improve the security posture. This role reports to the SVP, Information Security Officer.
Key Accountabilities
Serves as the lead security analyst to provide expertise and oversight involving security incidents, including all critical and complex incidents, ensuring remediation within expected information security SLAs.
Acts as a subject matter expert in assisting with, implementing and strengthening information security monitoring protocols, policies, and other information security owned systems.
Collaborates with team members to monitor and enforce application security, harden servers/workstations, patch management, database activity, vulnerability assessments, data loss prevention, antivirus, firewalls, asset management, and enforce encryption protocols.
Leads information security support to internal business units by providing research, analysis, and solutions for critical, sophisticated, or complex security initiatives.
Participates in an on-call rotation for regular hours and after-hours support as required.
Assumes additional responsibilities to meet department objectives, stays current with cybersecurity threats and AI developments, and recommends improvements aligned with the MITRE ATT&CK framework.
Documents and shares information to improve analytical skills, monitoring and response metrics, KPIs and service level objectives; participates in tabletop exercises to identify gaps and improve skills and communication.
Recommends adjustments to security tool configurations to minimize false positives and improve monitoring, logging, identity management, data protection, and preventative controls; reports on SOC state to cybersecurity leaders upon request.
Ensures compliance with banking laws, rules, regulations, and policies necessary to reduce risk and uphold ethical standards related to duties.
Education
Bachelor's degree preferred in cybersecurity, computer science, engineering or related field, or equivalent work experience
Certifications in Information Security are preferred (CISSP, Security+)
Experience
Five-plus years of experience in Information Security or related fields required
Experience with network devices/concepts, firewalls, routers, and switches
Experience with Network Access Control (NAC), Cloud Access Security Broker / Secure Web Gateway, Zero Trust Architecture
Expertise in security solutions including next-generation antivirus, data classification tools, and SIEM; defense in depth strategies
Experience with threat hunting and/or anomaly investigation
Skills & Knowledge
Excellent analytical, problem solving, and documentation skills
Technical skills in security risk assessment, incident monitoring/reporting, requirements development, secure design analysis, architecture assessment and development, and security testing of applications and systems
Understanding of emerging cybersecurity threats
Expertise in SOAR, SIEM, threat intelligence, identity management, sandboxes, vulnerability management, and EDR/Endpoint detection tools
Understanding of ML/AI applications in security operations processes
Strong understanding of threats, vulnerabilities and incident response principles
Familiar with frameworks/regulations such as NIST CSF, SOX, GLBA
Excellent judgment, quick decision-making, integrity and professionalism
Exceptional written and verbal communication across organization levels
Berkshire Bank is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin. If you would like to contact us regarding accessibility of our website or need assistance completing the application process, please contact hr@berkshirebank.com.