The Information Security Analyst will be responsible for the configuration, deployment, and maintenance of Information Security systems and defining and documenting security standards and will participate in technical research and development to enable continuing innovation for the security of the Bank.
The analyst will also be responsible for application risk assessments and will participate in incident response and investigations.
The Information Security Analyst will also develop and maintain SIEM/log analysis solutions, including data collection and aggregation, data normalization, and regular exception reporting. The analyst will also be responsible for the review and analysis of long-term comprehensive security data from a wide variety of sources.
The analyst will additionally assist with project management and will be responsible for the development and management of ongoing Information Security, Change Management, and Corporate Governance training programs. The analyst will additionally develop and maintain a secure online forum for all Information Security related activities.
· Coordinate and perform security audits and vulnerability assessments to assess internal security procedures and compliance requirements.
· Work with relevant internal IT Application, Infrastructure, Network and Support teams to ensure that security controls are implemented at all significant and relevant phases of all IT processes.
· Contribute to ensuring that the IT systems are compliant with applicable regulations, group policies, codes and industry guidance, e.g. performing gap analyses between standards such as SANS Top 20, NIST 800-53, ISO 27001, and the SMBC Information Security Framework. Where gaps are identified, assist in defining standards and implementing appropriate controls.
· Collate and quality assure data provided to SMBC Departments such as Risk Management and Internal Audit.
· Review security event log data and investigate anomalies in collaboration with the Threat & Vulnerability team.
· Perform monitoring activities and risk assessments.
· Deploy, manage, and troubleshoot security monitoring agents and file integrity systems on all Unix, Linux, and Windows operating systems.
· Respond to, and where appropriate, resolve or escalate reported security incidents.
· Manage security-related events and track the remediation process.
· Assist in ensuring that Change Management processes are followed correctly and that key personnel understand their roles and responsibilities by managing the creation and distribution of a Training & Awareness program.
· Implement and support information security solutions including security architectures, change/configuration management, and the integration of security products as needed.
· Develop and maintain documentation for security systems and procedures and processes.
· Develop security awareness training for new employees.
· Participate in information security working groups.
· Perform testing to evaluate new products for network and system security controls.
· Maintain logging and monitoring standards, technical investigative techniques and reporting.
· Maintain project scheduling and task follow-up on security initiatives.
- Bachelor’s Degree in Computer Science or related field
- 2-4 years of experience with:
· System vulnerability tools
· Security monitoring tools for Windows, Linux and Unix
· Application security risk assessment tools or processes
· Creating effective technical educational programs
· Working with ITIL Change Management and Change Advisory Boards
· Performing gap analyses within different environments coupled with an in-depth understanding of regulatory guidelines related to FFIEC/SOX/PCI as well as standards and best practices related to ISO and NIST
· Data Analysis including normalization and anomaly recognition software
- One of the following certifications is a plus: SSCP, CISM, CISA, or CISSP
- Working Technical Knowledge of the following:
· Encryption technologies and PKI infrastructure; experience with penetration testing tools (e.g. Nessus, Metasploit, NeXpose)
· Knowledge of Information Security regulatory requirements, codes and industry guidance such as NIST 800-53, ISO27001, CIS and Cobit
· Ability to utilize resources to contribute valuable input to Information Security projects and Risk Assessments, e.g. ISACA, CIS, FS-ISAC
· Experience with detecting and assessing threats (such as malware infections and critical vulnerabilities), containment and remediation efforts
· Networking technologies (TCP/IP, etc.) and protocols (SSL, SSH, LDAP, SMTP, DNS, etc.)
· Unix, Linux, and Windows Operating Systems
· Microsoft Active Directory
· Security monitoring tools (SIEM, auditing and log collection tools, network IDS, malware detection)
· Familiarity with security monitoring concepts
· Experience with creating successful Phishing awareness campaigns
· Experience with Project Management and ability to coordinate tasks on multifaceted projects
· Working knowledge of MS SharePoint is a plus
- Ability to analyze vulnerabilities within the internal infrastructure and oversee timely remediation
- Strong ability to effectively analyze complex data and event logs
- Strong ability to recognize and remediate issues within the internal infrastructure
- Strong verbal and written communication skills
- Ability to adapt information delivery based on audience
- Ability to communicate information security concepts across a broad range of technical and non-technical staff
- Ability to multitask and work under tight deadlines
- Ability to raise awareness and issues to executive leadership, engage leaders and stakeholders in understanding their roles in delivering enterprise Change, Configuration and Release Management process
- Good relationship and stakeholder management skills
- Good communication and written skills
- Self-motivated and able to work within stringent time frames
- Strong analytical and investigation skills
- Strong team player
- Weekend and late night work may be required on occasion
- Experience dealing with both technical and non-technical staff
Sumitomo Mitsui Banking Corporation. - 9 months ago
SMBC has had a presence in the Middle East, stretching back to the 1970's. We have physical representation through our representative...