Info Security Analyst III (Remote a Possibility) in Chico, CA

Info Security Analyst III (Remote a Possibility) – Tri Counties Bank – Chico, CA – work from home job

Company: Tri Counties Bank

Job description: Description :

The hiring range for this opportunity is $105,000 to $145,000 annually along with incentive opportunities, creating a competitive total compensation package based on our pay scale, and may be modified by location and is commensurate with qualifications and experience.

POSITION SUMMARY

The Information Security Analyst will support the Information Security risk management process within Tri Counties Bank. Performs reviews of system logs to ensure that no violations to the Bank’s security policies have occurred. Directly reporting to the Information Security Officer (ISO), provides the ISO Security Policy violations while maintaining confidentiality. The analyst must have the ability to convey complicated technology and security concepts to management and ideally has technical knowledge and/or experience in security, networking, systems administration, database administration, architecture or another technical domain. Alternatively, proficiency in a risk management framework and performing risk analysis in a regulated environment is desired. This position also monitors network traffic to detect possible threats, respond to threats as they occur, and ensures compliance with the Bank’s Information Security policies. Provides the Information Security Officer violations of information security, while assisting with incident detection and management. This position also maintains security systems that help detect and mitigate security threats to the Bank’s technology environment.

MAJOR RESPONSIBILITIES

Information Security Program Support

Day to day operations of InfoSec and Cybersecurity operations. Follow established duties and practices as assigned by ISO. Follow directions to maintain support of business lines and enterprise security requirements.

In Addition to ISA 1 & 2 responsibilities, collaborate with the ISO to mature and improve the IS incident response and security operations programs. Monitor, interpret and communicate to ISO new and updated regulation, compliance, laws and best practices. Participate in monitoring cyber events and issues, and in breach response including planning. Supervise and provide guidance to ISA I and II regarding IS programs and events. Assist the ISO to grow and improve the IS program in the following areas: risk metrics and reporting, program maintenance and organizational integration. Collaborate with other areas to ensure the program is current, that it is in compliance with IS policies and that gaps are identified and resolved. Maintain a high-level understanding and awareness of the IS risk program requirements, risk position and updated methods to consistently improve the Bank’s risk profile in IS management. Keep updated on current threats and make recommendations for protections for the Bank’s technology environment.

Threat monitoring and response will be key to maintaining the IS program, active participation in monitoring, assessment of threat to enterprise, and response will be required.

Principle incident response investigator related to cyber-attacks. Proactively search environment for vulnerabilities and security misconfigurations. Monitor the bank’s cloud infrastructure and provide recommendations for improving security posture.

Maintain and manage the bank’s Security Information and Event Management (SIEM) system. Add additional systems for monitoring and produce relevant alerts for each system. Maintain other security tools to support the Information Security environment to mitigate risks and enhance security posture.

Develop procedures for maintaining tools as well as the implementation of appropriate processes. Make recommendations for any additional tools that may be needed to protect the Bank.

Information Security and Cybersecurity Best Practice Management and Development:

Ensure current industry best practices, regulation and compliance requirements are integrated into the Information Security and Cybersecurity areas of reporting, policy and procedures.

In Addition to ISA 1 & 2 responsibilities, maintain a high-level understanding of current industry best practices regarding Information Security and Cybersecurity to improve the IT risk position through reporting, policy, program and procedure development. Provides advice and guidance to IT Management regarding appropriate reporting to accurately reflect the Information Security and Cybersecurity risk profile. Collaborates with ISO to monitor and analyze key risk indicators (KRIs) and key performance indicators (KPIs). Ensures reports are accurate and in alignment with the current IT risk profile. Assists in overseeing the policies, programs and procedures to ensure they are accurate and updated as required by new and updated regulation, compliance, best practices and law, and according to the schedule. Provides targeted and quantifiable reporting of Information Security and Cybersecurity activities.

IT Audit and Compliance Management:

Support audit, exam and review processes to include audit remediation. Act as resource and/or advisor for new audit and compliance rules and processes.

Work with Internal Audit to ensure the Information Security and Cybersecurity program audits are efficiently performed. Work with Compliance, Legal and HR to assure compliance with relevant laws and regulations.

Assist ISO with periodic reviews, audits and exams to assure compliance with relevant rules, laws and regulations. Work closely with management and relevant committees to maintain programs that are compliant.
• Ability to maintain confidentiality
• Ability to work independently
• Ability to work in a team environment
• Ability to grasp new concepts
• Exercise independent judgment in decision making
• Ability to simplify and communicate very complex ideas for general understanding
• Strong leadership skills

OTHER RESPONSIBILITIES
• Works to protect Bank information systems against cyberattacks and insider threats
• Works with staff responsible for daily review of all security violation for the Internet and E-mail systems.
• Monitors and maintains security violations.
• Have intimate knowledge of security solutions, including SIEM, anti-malware, and other security tools.
• Technical ability to maintain security systems and tools for protection of Bank’s systems.
• Implements or recommends security procedures to protect Bank systems from deliberate or accidental access, disclosure or destruction.
• Maintains logs of violations.
• Keeps logs current for review by audit, administration staff and Information Security Officer.
• Handles all violations according to security policies.
• Works on other tasks assigned by management.
• Ensure current industry best practices, regulation and compliance requirements are integrated into the Information Security and Cybersecurity areas of reporting, policy, and procedures.
• Adheres to Bank policy and procedures and complies with confidentiality regulations including Gramm-Leach Bliley Act principles by successfully completing related trainings and maintaining these learned practices on the job.
• Maintains a current understanding of Bank policies and procedures in compliance with all federal and state laws, including but not limited to Bank Secrecy Act (SARs, CIP, OFAC), Information Security (GLBA), Identity Theft Red Flags, Financial Elder Abuse Reporting, and any other applicable regulations that may be specific to your job duties.
• Performs other duties as assigned.

EDUCATION, EXPERIENCE AND OTHER SKILLS REQUIRED
• Minimum 3-5 years’ experience demonstrating leadership and management skills.
• Minimum 8 years’ experience in Information Technology and/or Information Security.
• Ensure current industry best practices, regulation and compliance requirements are integrated into the Information Security and Cybersecurity
• Any combination of academic education, professional training, or work experience, which demonstrates the ability to perform the duties of the position.
• Experience using risk based/cyber security frameworks, such as NIST
• Experience with building and managing relationships with senior level stakeholders
• Experience in various operating systems (Windows, Linux, iOS/Android, etc.)
• Experience in network architecture and security infrastructure placement
• Experience in cloud architecture platforms such as AWS, Azure, and GCP
• Advanced knowledge of laws and regulations impacting data protection and confidentiality, integrity, and availability of systems and data in the financial industry such as, Sarbanes-Oxley, and state regulations
• Advanced knowledge of all phases of IT, IS Cyber, BCP, VMP risk assessment including identification, analysis, impact evaluation, response, reporting and tracking
• Advanced knowledge of how technologies, processes, and controls impact risk in both the information systems and corporate business environment.
• Knowledge of BC and VM with ability to backup processes.
• Current CISSP, CISA, CRISC, CISM or other equivalent information security or risk management certification required.

OTHER ESSENTIAL QUALIFICATIONS
• Adaptability and demonstrates good judgment.
• Excellent written and verbal communication skills
• Strong analytical, planning, problem solving and time management skills
• Interpersonal skills to interface with internal and external parties in a professional manner
• Organizational abilities.
• Maintains a current understanding of Bank policies and procedures, in compliance with all state and federal laws including but not limited to Bank Secrecy Act (SARs, OFAC), Information Security Guidelines (Privacy, GLBA), Identity Theft Red Flags, and Unfair, Deceptive, Abusive Acts or Practices.
• Work with customers via telephone, email, VPN and remote web meeting, in conjunction with employing all available technical resources internally and externally, to bring issues to a timely resolution.

PHYSICAL REQUIREMENTS

May be required to lift up to 50 pounds

COMPANY PROFILE

Established in 1975, Tri Counties Bank is a wholly-owned subsidiary of TriCo Bancshares (NASDAQ: TCBK) headquartered in Chico, California, with assets of nearly $10 billion and more than 45 years of financial stability. Tri Counties Bank provides a unique brand of Service With Solutions® for communities throughout California with a breadth of personal, small business and commercial banking services, plus an extensive branch network, more than 37,000 surcharge-free ATMs nationwide, and advanced online and mobile banking.

Tri Counties Bank remains strong and profitable through our top-down commitment to our core values, sound business principles and responsible lending practices.

Our success is also based on our community engagement. We still believe in the vision of the helpful and caring community banker. As we grow and serve more communities, we become more involved, providing substantial financial and volunteer support to local economies and community organizations. We applaud our employees who roll up their sleeves to work and volunteer for a greater good in our communities.

Tri Counties Bank hires individuals who are qualified for the role and who represent the communities in which we serve. We look to place people in positions where they can best utilize their abilities and strengths, and where they are able to grow with the Bank.

Tri Counties Bank is an Affirmative Action and Equal Opportunity Employer, Race/Color/Religion/Sex/Sexual Orientation/Gender Identity/National Origin/Disability/Veteran.

Expected salary: $105000 – 145000 per year

Location: Chico, CA

Job date: Sun, 17 Sep 2023 02:58:56 GMT

Apply for the job now!