PGMTEK Inc.
AVP Senior Information Security Analyst - Risk Department
PGMTEK Inc., New York, New York, us, 10261
Job Description

Summary:

This is a full-time position for a Senior Information Security Analyst ("Security Analyst") within the Information Security team that participates in all aspects of information security.

The Security Analyst shall act as a risk manager with the responsibility for identifying, acting on and escalating risks and is held strictly accountable for the failure to discharge their information security duties. The employee shall also be responsible for demonstrating risk awareness by following all security policies, procedures and internal controls in the daily routine.

The ability to make and influence decisions in the areas of risk management and compliance is key to the role. The Security Analyst will ensure that policy and compliance documentation, requirements and controls are properly and timely identified, mapped, tracked, reviewed, and reported for the organization to increase security posture.

In this role, the Security Analyst will work closely with other members of the Security Team and IT Infrastructure Teams to manage and support security administration tasks and security projects.

Requirements

Responsibilities:

SOC Operations (to include SIEM, SOAR, EDR, Threat Intelligence) - Perform initial triage of security alerts and escalate real alerts; make recommendations to refine SIEM correlation rules and gather intelligence from open source and vendor threat sources.

Root Cause Investigations & Incident Response Playbooks - Includes maintaining and updating the IR Handbook using lessons learned from past incidents and assisting with documenting root cause reports and tracking post-incident action items.

Log Collection & Forensic Analysis - Verify log capture across critical security tools and maintain logging infrastructure dashboard and alert on missing logs.

Security Architecture Strategies - Maintain inventory of security tools and document security control coverage across the environment.

DLP & Insider Threat Monitoring - Monitor DLP alert queues and escalate violations to management; assist in analyzing data movement patterns for potential insider threats.

Penetration Testing & Tabletop Exercises - Document results from pen tests and track remediation progress; coordinate logistics for tabletop exercises (scheduling, note-taking).

Vulnerability Management & Patching SLAs - Track patching compliance and generate weekly reports; assist in validating vulnerability remediation efforts.

Attack Surface Monitoring & Threat Modeling - Monitor the asset inventory for continuous updates and assist in threat modeling sessions by documenting identified risks.

Baseline Configuration Compliance - Track deviations from approved baselines and escalate compliance violations; maintain a database of baseline configurations for quick reference.

Asset Management for Security Tools, Hardware, Software - Maintain asset tracking logs for security tools and their deployment status; assist in decommissioning outdated security software.

Audit Support / Remediation Efforts - Support internal audit activities, assess current cybersecurity controls in place, and drive remediation efforts for identified findings.

Risk Reporting - Identify, track, analyze, and report key risk indicators (KRIs). Help provide actionable insights to enhance our cybersecurity risk management and informed decision-making.

Education and Experience Requirements:

At least 3 years managing information security governance, risk, and compliance.

Bachelor's degree in information technology or security discipline (e.g. cybersecurity) or related work experience.

Industry recognized security certifications are a plus but not required (e.g. CISSP, CISA, CISM, CEH, etc.)

Skills and Knowledge:

Demonstrated knowledge of industry authoritative sources such as NIST Cybersecurity Framework, SOC2 and ISO standards, FFIEC framework and NYDFS-Part 500 regulations.

Experience with Splunk Cloud, Qualys, Spirion, Trellix, PAM, Tufin or similar information security tools is preferred.

Excellent written and verbal communication and presentation skills; good command of spoken and written English.

Interpersonal and collaborative skills, and the ability to communicate information risk-related concepts to technical as well as nontechnical audiences.

Skilled at planning, tracking plans, working cross department to review risks, controls and processes, and gathering and organizing documentation and test results.

Self-directed, works with minimal guidance, and recognizes when guidance is needed.

Ability to cope with pressure and responsibility.

This job description is not limited to the responsibilities listed and the incumbent may be requested to perform other relevant duties as required by business needs.