What are the responsibilities and job description for the Senior Cybersecurity Risk Analyst position at Dime Community Bank?
Summary: Dime Community Bank is currently hiring for a Senior Cybersecurity Risk Analyst (“SCRA”) at its Headquarters in Hauppauge, Long Island. The SCRA is primarily responsible for assisting the Chief Information Security Officer (“CISO”) in the development, maintenance and monitoring of Dime’s Cybersecurity and Information Security Programs, which are designed to protect the confidentiality, integrity, and availability of Dime’s information systems. In fulfilling this responsibility, the SCRA will serve as a technical expert on information security policy and will be responsible for managing Dime’s Information Security Program. The SCRA will also work with Dime’s CISO and Chief Risk Officer (“CRO”) to develop, implement and maintain an effective cybersecurity risk framework.
Salary commensurate with experience, ranging from $85,000 to $106,000 annually. The exact compensation may vary based on relevant experience, skills, education, training, licensure and certifications, and location.
All applicants must attach a recent resume. This is not a remote role. This is a hybrid role (4 days in office/1 day remote).
Dime does not provide relocation assistance or visa sponsorship (now or in the future).
Responsibilities:
Overall, the SCRA’s job is to work with Dime’s IT, Internal Audit, and Risk Management Departments and various business lines to plan, coordinate and develop recommendations for all aspects of information security policies and procedures in order to:
- Ensure that the procedures and rules of use for information systems comply with Dime’s information security policies. Perform periodic reviews to confirm that security policies and procedures are being complied with, and develop recommendations for improvements. Work with Dime’s business lines, vendors, and systems professionals to identify solutions that advance the bank’s information security goals.
- Coordinate and assist in the development and maintenance of policies, standards, processes, and procedures to assess, monitor, report, escalate and remediate information security risks and related compliance issues.
- Ensure that appropriate risk assessments are performed and that existing controls are periodically tested for effectiveness. Use metrics to measure, monitor and report on the effectiveness and efficiency of information security controls and compliance with information security policies. Conduct and report results of the annual information security risk assessment.
- Maintain the information security risk register and ensure that compliance issues and other variances are resolved in a timely manner.
- Ensure the development and delivery of activities and programs that can positively influence Dime’s information security culture and the related behavior of its staff, including information security education and awareness.
- Present program status and updates on major deliverables to Senior Management and the Board of Directors. Engage and influence all areas of Dime to ensure that initiatives and activities are aligned with the information security program. Periodically conduct training and awareness campaigns with new and existing staff.
- Act as Information Security’s primary point of contact with respect to internal and external audits and examinations, and coordinate efforts to gather and supply evidence to auditors and examiners.
- Monitor the evolving regulatory environment to ensure that Dime identifies and prepares for new and changing laws, guidance, and frameworks.
Qualifications:
- Bachelor’s degree and minimum three years’ related experience and/or training; or equivalent combination of education and experience.
- Knowledge of banking operations and bank policy and procedure development.
- Knowledge of financial services regulatory requirements (FFIEC, GLBA, NYSDFS) and industry standards (NIST, ISO/IEC 27001 and 27002).
- CISSP or CISM (or comparable certification) preferred.
- Experience administering GRC software.
- Experience with Security Awareness Training and Testing Platforms.
- Exposure to enterprise security tools preferred (e.g., SIEM, vulnerability scanners, firewalls, identity governance and administration).
- Demonstrated understanding of technological trends and developments in the areas of information security, risk management, and business continuity.
- Demonstrated experience in the administration and management of the information security function, including FFIEC guidance, NYSDFS regulations, and the related audits and examinations.
- High regard for quality and risk management practices.
- Excellent oral and written communication skills.
- Ability to work outside of normal business hours on occasion.
- Superior knowledge of Microsoft Office products.