POSITION: INFORMATION SECURITY ASSURANCE ANALYST
The Information Security Assurance Analyst, under the direction of the Information Security Officer, is responsible for assisting in the development and implementation of the information security policies, procedures, programs and framework for Customer Information Security. Maintain and perform bank-wide asset risk assessment(s) and monitor risk across the company. Serve as an advisor to business unit managers regarding information security risk, including transaction and compliance, working with the information technology, legal and compliance departments. Make recommendations to business unit managers on reducing unacceptable risk exposure.
Key Result Areas:
- Assist with the development and implementation of the information security program, including the following program components: vulnerability management and verification testing, security information and event management (SIEM), incident response, business continuity, control testing, risk assessment and regulatory gap analysis
- Assist with the documentation of access methodologies and diagram of process workflows
- Assist with implementing and maintaining the user access program and with completing risk assessments to identify each risk and to evaluate and measure its materiality
- Assist with monitoring of bank-wide application configurations to ensure they meet the standards required by the Information Security Program
- Monitor changes to system configurations and security alerting
- Support both internal and external audits as they relate to application access and Security Administration
- Coordinate management’s responses to information security related findings and maintain the bank’s acceptable risk matrix
- Promote and practice strong collaboration with all business units in the areas of information security risk from an implementation, assessment and training perspective
- Support and contribute to projects and initiatives for the program
- Maintain a high level of knowledge through training, participation in outside seminars and from professional publications and groups to ensure compliance with regulatory guidelines
- Manage work to ensure all deliverables are met on a timely and quality basis, according to the Bank’s standards
- Perform additional duties as required
Bachelor’s Degree in Information Security or other subject matter area plus IS or Governance experience
Minimum of 3 years in an information security, information technology or related technical role
Experience in developing and administering an information security program desirable
Candidates are preferred to hold or be actively pursuing related professional certifications such as CISSP, CISM, or CISA
Expertise in understanding antivirus solutions, vulnerability scanning, data classification tools and SIEM required
Significant experience with NIST Cybersecurity Framework, FFIEC CAT or NIST 800-53 is strongly encouraged
Strong communication, customer service and interpersonal skills
Proficient in Microsoft Office to include Word, Excel, and PowerPoint
Ability to work a flexible schedule; i.e. weekends and evenings as needed
The above description covers the most significant major responsibilities but does not exclude other occasional responsibilities and accountabilities the inclusion of which would be in conformity with the major purpose of this job.
Harvard Square - Cambridge, Massachusetts
About Cambridge Savings Bank:
Cambridge Savings Bank is a full-service financial institution with approximately $3.7 billion in assets that is committed to improving the quality of life in the communities it serves. One of the oldest and largest community banks in Massachusetts, Cambridge Savings Bank offers a full line of individual and business banking services and has branches located in Arlington, Bedford, Belmont, Burlington, Cambridge, Charlestown, Concord, Lexington, Newton, and Watertown.
Cambridge Savings Bank is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. We are a VEVRAA Federal Contractor.