The Analyst, Information Security will work with the oversight and challenge of Information Security Controls performed by the first line of defense, and will also assist in performing various risk assessments related to Information Security. The position works on a hybrid basis in San Juan, PR.
MAJOR DUTIES & RESPONSIBILITIES:
- Assists the Bank’s Information Security Advisor in the development of an appropriate Information Security Program, as required by GLBA (Gramm-Leach-Bliley Act), and ensures it is approved by the Board of Directors or designated board committee.
- Supports the oversight of, and reporting on, the management and mitigation of information security risks across the institution and should be held accountable for the results of this oversight and reporting.
- Handles the preparation of the Information Security Report, the Information Security Program, and the quarterly information and cybersecurity oversight reporting to the BOD committee.
- Responds to security events by ordering emergency actions to protect the institution and its customers from imminent loss of information; managing the negative effects on the confidentiality, integrity, availability, or value of information; and minimizing the disruption or degradation of critical services.
- Handles the onboarding of the Data Loss Prevention Tool.
- Assists in the implementation of the Privilege Access Tool.
- Performs various risk assessments and security testing as required.
- Assists in the documentation of various policies and procedures.
- Supports engagement with management in the lines of business to understand new initiatives, providing information on the inherent information security risk of these activities, and outlining ways to mitigate the risks by addressing the Information Security Assessments.
- Works with management in the lines of business to understand the flows of information, the risks to that information, and the best ways to protect the information.
- Other duties may be assigned.
EDUCATION & EXPERIENCE:
- Bachelor’s Degree in Business Administration, Information Technology, Cybersecurity or any related field required. Professional Security Management Certification is highly desirable.
- Three (3) years of experience with business management, working knowledge of information security risk management and cybersecurity technologies, and/or systems audits required.
- Minimum education and experience required can be substituted with the equivalent combination of education, training and experience that provides the required knowledge, skills and abilities.
- Fully bilingual – English and Spanish (verbal and written) required.
- Computer proficiency in MS Office and other business applications required.
- Understanding of industry security standards including NIST, ISO, SANS, COBIT, CERT preferred.
- Knowledge of current data privacy regulations, including GLBA and regional standards preferred.
- Strong understanding and experience with Secure SDLC and DevSecOps or security automation.
- Capable of understanding and communicating business and profit impact that infosec operations have on the organization.
Oriental is an Equal Opportunity Employer (EEO Employer / Affirmative Action for Females / Disabled / Veterans)