INFORMATION SECURITY ADMINISTRATOR

POSITION OVERVIEW

The role of the Information Security Administrator (ISA) is to implement and develop the information security strategy to safeguard the Bank from potential cyber threats and ensure compliance with relevant banking regulations.

ISA will oversee the protection of digital assets, ensure compliance with industry standards, and mitigate risks across IT systems, networks, and data. This role is critical to safeguarding business operations, customer trust, and maintaining resilience against evolving cyber threats.

This includes the oversight of all cybersecurity architecture and cybersecurity engagement functions such as incident response, threat intelligence, architectural support, secure design, risk analysis, vulnerability management and threat hunting across the enterprise, stores and cloud environments.

The position balances security enforcement and business continuity.

The Information Security Administrator reports hierarchically directly to the CIO.

POSITION RESPONSIBILITIES

• Design, develop, Implement and manage cybersecurity policies, protocols, tools and incident response plans aligned with NIST Framework or ISO 27001
• Oversee vulnerability scanning and remediation program. Prioritize risks based on business impact and address risks. Identify systemic security weaknesses.
• Supervise cybersecurity SOC/MDR, consultants, SaaS providers and IT professionals, ensuring effective threat monitoring, incident response, and resource allocation.
• Ensure the effectiveness of security tools (firewalls, encryption, intrusion detection) as well as timely system updates/patches.
• Work together with Risk, Compliance and IT functions to identify, mitigate and manage security risks aligning with the organizational goals and objectives.
• Lead breach investigations, coordinate forensic analysis, and communicate with stakeholders during crises.
• Monitor third-party security practices and ensure adherence to data privacy laws (e.g., GLBA).
• Recommend and implement security solutions or enhancements to existing security solutions to improve overall enterprise security.
• Overseas the administration, design, configuration, integration, and maintenance of the Bank's security architecture, including the following solutions:
• SIEM, MDR and EDR
• Email security
• Network Firewalls
• File Integrity Monitoring solution
• Identity Management, SSO & MFA
• Privileged Access Management
• Network Access Control
• Microsoft 365 Security
• Be a final resource in the security incident response planning as well as the investigation of security events including being the technical lead and subject matter expert in the Incident Response Team (IRT), as needed.
• Exercises discretion and independent judgment in evaluating challenges and limitations to determine appropriate resolutions that strengthen the Bank's security posture.
• Performs related duties as assigned.

SKILLS / QUALIFICATIONS

• Strong infrastructure security skills including IDS/IPS, firewall, SIEM, server and OS hardening, malware detection, physical security, transport and at-rest encryption on file systems, DB, and other data persistence mechanisms.
• Excellent written and verbal communication skills - including the ability to effectively communicate security- and risk-related concepts to technical and nontechnical audiences - and strong interpersonal and collaborative skills
• High level of personal integrity, with the ability to handle confidential and otherwise sensitive matters professionally and with the appropriate level of judgment and maturity.
• Demonstrated experience in executing/delivering cross functional projects in a dynamic, fast-paced environment with a sophisticated ability to balance security strategies and other priorities at the organizational level.
• Ability to formulate conclusions and recommend courses of action.
• Excellent organizational skills and adept at multi-tasking and initiating/driving projects though completion.
• Collaborate with IT operation team, Application team, BI & data management team, executives etc.

EDUCATION / EXPERIENCE

• Bachelor's degree in computer science, Cybersecurity, or related field or equivalent experience; master's degree preferred. Any or all the following certifications are preferred: CISSP, CISMP.
• 7 years of experience with 4+ years in Security operations leadership role, which may include information security, application security or penetration testing, network-related security roles (firewall, intrusion detection, data loss prevention, Identity Management)

We offer a competitive total rewards package, including but not limited to Medical, Dental, Vision, and Life Insurance, 401k retirement savings plan, and paid federal holidays, for this full-time position within the annual salary range of $115,000 - $117,000. Annual pay ranges are determined based on qualifications, level, and location. Exact compensation may vary based on your skills and experience.

Must be authorized to work in the US.

We are an Equal Opportunity Employer. All applicants will receive consideration for employment without regard to race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender identity, gender expression, genetic information, or military or Veteran status, or any other characteristic protected by law.