Salem Five is a growing regional financial services organization with a rich history of over 160 years. As an independent bank, we are deeply rooted in the communities we serve and offer our employees successful and rewarding careers.

This position requires the ability to work in the Salem, MA offices.

• Align IT security standards with statutory and regulatory requirements. Help to shape security standards, procedures and guidelines for IT security controls and policies; evangelize, communicate and build consensus for adoption of policies companywide.
• Determine the acceptable level of information security risk in conjunction with the CIO and ISO. Advise senior management on information security risks and appropriate course of action.
• Provide internal security assessments of all new technology being delivered by Internal IT or acquired with partnerships with companies by participating in the lifecycle of technology projects.
• Provide security assurance against cyber-attacks, which may include (but not be limited to) DOS, DDOS, data loss and other malicious cyber activities, which could negatively impact the Bank.
• Track, document and manage all open security related problem reports and remediation within the team to the IT management and ISO.
• Research, evaluate and recommend information-security related hardware and software to maintain a strong security posture, including developing business cases for security investments.
• Conduct periodic risk assessments, penetration testing and vulnerability assessments.
• Develop and validate baseline security configurations for operating systems, applications, network and telecommunications equipment.
• Monitor periodic reports and analyze security logs for unusual events and trends.
• Provide expert level support and analysis during and after a security incident.
• Participate in security investigations and compliance reviews as requested by internal or external auditors.
• Help conduct Security Awareness Training for employees at all levels.
• Research and assess new threats and security alerts and recommends remedial actions.
• Document and report on annual security reviews, residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.
• Regular attendance is essential to this position.

SUPERVISORY RESPONSIBILITIES

This position manages a large staff of vendors, systems integrators, managed security specialists and 3^rd party resources. Additionally, this position may manage employees through a matrix approach and/or a direct staffing model.

QUALIFICATIONS

• CISSP preferred
• Knowledge of NIST and/or FFIEC standards
• Ethical Hacking or Security Analyst experience helpful
• Hands on experience with computer forensics, penetration and vulnerability testing tools, conducting internal audits, independently building systems to run security tools from the ground up
• Prior experience in participating in Incident Response/Handling teams
• Minimum 3 years’ experience in an IT Security role focusing on system, network, infrastructure/application level vulnerability testing and auditing
• Strong familiarity with common standards for IT security and Cyber Defense
• Strong working knowledge of Microsoft Windows Active Directory, LDAP, Internet and network security technologies and protocols such as: TCP/IP, firewalls (including application firewalls), routers, switches, IDS/IPS, Anti-Virus, SIEM, Web Proxy, VPN, Linux, Encryption technologies products, etc. You should have previous hands-on experience building and supporting at least a few of these technologies.
• Strong knowledge of network security encryption methods, IPSEC, Kerberos, Authentication concepts
• Excellent oral, written and interpersonal communication skills
• Must be passionate about IT Security; decisive and confident: be comfortable defending a strong security posture to any level in the business
• Proven ability to work independently while being part of a team
• Strong problem solving and decision making skills
• Must be focused, energetic, meet commitments, willing to take ownership, have excellent judgment and integrity

EDUCATION and/or EXPERIENCE

Bachelor’s degree and three years of experience in Information Security

CERTIFICATES, LICENSES, REGISTRATIONS

CISSP, CISA, CISM preferred