POSITION: SENIOR INFORMATION SECURITY ASSURANCE ANALYST
The Senior Information Security Assurance Analyst, under the direction of the Information Security Officer, is responsible for assisting in the development and implementation of the policies, procedures, programs, and framework for enterprise-wide information security. Maintain and perform bank-wide risk assessment(s) and monitor risk across the company. Serve as an advisor to business unit managers regarding information security risk, including transaction and compliance risk, working with the Information Technology, Legal and Compliance departments. Make recommendations to business unit managers on reducing unacceptable risk exposure.
Key Result Areas:
- Assist with the ongoing development and implementation of the Information Security Program, including the following program components: vulnerability management, security information and event management (SIEM), incident response, entitlement review, business continuity, control testing, risk assessment, security awareness training and regulatory gap analysis.
- Assist with the documentation of access methodologies and diagramming of data transfer and process workflows.
- Conduct risk assessments to identify, evaluate, and measure the materiality of risk.
- Assist with monitoring of bank-wide application configurations to ensure they meet the standards required by the Information Security Program. Monitor changes to system configurations and security alerting.
- Support both internal and external audits as they relate to application access and security administration. Coordinate management responses to information security related findings and maintain the Bank’s acceptable risk matrix.
- Promote and practice strong collaboration with all business units in the areas of information security risk from an implementation, assessment, and training perspective. Support and contribute to both Risk and enterprise-wide projects and initiatives.
- Maintain a high level of knowledge and industry awareness through ongoing training and participation in outside seminars and networking groups to stay current and ensure compliance with regulatory guidelines.
- Work independently and manage work to ensure all deliverables are met on a timely basis, and in accordance with the Bank’s standards.
- Perform additional duties as required
- Bachelor’s Degree in Information Security/Assurance or other subject matter area or equivalent experience
- Minimum of 7 years’ experience in an information security or information technology role
- Strong interpersonal and customer service skills; strong written and oral communication
- Thorough understanding of risk management principles and information security/data governance, and experience with risk assessment, access review, access methodology, and process workflow documentation
- Candidates holding or actively pursuing related professional certifications such as Security+, SCCP, CISSP, CISM, or CISA preferred
- Expertise in understanding EDR solutions, patch and vulnerability management, data classification tools, SIEM, and device hardening
- Significant experience with information security frameworks and assessments, such as the NIST Cybersecurity Framework, NIST 800-53, FFIEC CAT, MITRE ATT&CK and/or CIS Controls, and strong familiarity with information security technology architecture, defense in depth strategy, etc.
- Proficiency with Microsoft Visio and/or similar visualization/diagramming tools highly desirable. Proficient in Microsoft Office including Word, Excel, and PowerPoint
- Ability to work a flexible schedule; i.e. weekends and evenings as needed
The above description covers the most significant major responsibilities but does not exclude other occasional responsibilities and accountabilities the inclusion of which would be in conformity with the major purpose of this job.
About Cambridge Savings Bank:
Cambridge Savings Bank is a full-service financial institution with approximately $5 billion in assets that is committed to improving the quality of life in the communities it serves. One of the oldest and largest community banks in Massachusetts, Cambridge Savings Bank offers a full line of individual and business banking services and has branches located in Arlington, Bedford, Belmont, Burlington, Cambridge, Charlestown, Concord, Lexington, Melrose, Newton, and Watertown.
Cambridge Savings Bank is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. We are a VEVRAA Federal Contractor.