COMPANY SUMMARY:
Our client, a large bank based in Baltimore, Maryland, is a leading financial institution serving the national healthcare and multifamily markets and the Mid-Atlantic region. As the 6th largest bank in Baltimore by deposits and the largest locally based, they have grown from $1 billion to over $5 billion in assets by 2023. With over 30 years of expertise, they rank among the top five healthcare bridge-to-HUD lenders in the country. They redefine banking by blending big bank capabilities with personalized boutique service. Recognized as "Best Place to Work" by the Baltimore Business Journal in 2022 and 2023, their primary goal is making each team member feel that choosing them was their best career decision.
WORK ENVIRONMENT:
They offer a hybrid schedule, with 3 days in-office and 2 days remote after the initial 90-day period.
POSITION SUMMARY:
The Information Security Associate performs a critical role in managing CFG’s information security environment. The Associate oversees the successful implementation and maintenance of the information security program and actively engages in ongoing third-party risk management activities. The Associate will be responsible for ensuring Bank compliance with information security and third-party risk-related laws, regulations, and industry standards. A successful candidate will be a skillful communicator, capable of clearly articulating complex topics in written form.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Information Security Program (ISP):
Promoting information security awareness across business units.
Establishing and maintaining information security policies and procedures.
Reviewing audit logs, events, reports, and alerts, and formulating responses with a thoroughly evidenced and well-reasoned discussion of the appropriate resolution.
Monitoring and reporting on patch and vulnerability management strategies.
Identifying areas of non-compliance or risk and presenting recommendations for remediation.
Participating in systems and controls risk assessments.
Managing the social engineering awareness program, including suspicious message review, periodic training and testing deployment, and reporting functions.
Third Party Risk Management (TPRM) Program:
Participating in the active management and oversight of the TPRM lifecycle.
Conducting TPRM risk assessments, proactively identifying and addressing potential 3rd and 4th party risks.
Collecting and reviewing documentation associated with third-party relationships.
Completing comprehensive written evaluations of vendor-provided documentation.
Ensuring timely completion of oversight tasks in alignment with established requirements.
Contributing to TPRM policy and procedure development, ensuring compliance with laws, regulations, and industry best practices.
Providing regular progress reports.
QUALIFICATIONS AND REQUIREMENTS:
Bachelor's degree in information technology or related field, or equivalent relevant work experience. Related professional certifications will also be considered.
Minimum 5 years’ information security-related experience, preferably in a financial institution setting.
Excellent written and verbal communication skills, including the ability to conduct thorough, documented research and present findings clearly and comprehensively.
Strong analytical and critical thinking capabilities.
Strong work ethic and ability to achieve individual results within a team environment.
Ability to work independently and manage multiple concurrent tasks while meeting deadlines.