Information Security Specialist

Description

Position Summary:

Supports the Bank’s Information Security, Third-Party Management, and Business Continuity Management programs through day-to-day administration, monitoring, documentation, and coordination. This role helps strengthen regulatory compliance, operational resilience, and enterprise risk management by partnering with business units to maintain effective controls, complete key assessments, support testing and training activities, and address identified issues in a timely manner.

Essential Functions:

1. Administers and uses the Bank’s third-party risk management, business continuity management, findings management, and enterprise risk management systems (Ncontracts) to support program activities, documentation, and reporting.
2. Supports the Third-Party Risk Management Program by partnering with business unit relationship managers and coordinating onboarding, due diligence collection, periodic reviews, risk assessments, issue tracking, and ongoing monitoring for third-party relationships.
3. Supports the Business Continuity Management Program by partnering with business units and coordinating and maintaining business impact analyses, departmental recovery plans, and related documentation to ensure key processes, dependencies, and recovery objectives remain accurate.
4. Assists with the development, coordination, documentation, and follow-up of business continuity and disaster recovery exercises and tests, including the tracking of results, lessons learned, and corrective actions.
5. Monitors and reviews daily logs, alerts, and reports from the Bank’s threat detection and SEIM system and other data management systems. Investigates irregularities and escalates suspicious activity, control gaps, and other issues to the Senior Information Security Specialist and Information Security Officer, as needed.
6. Supports information security operations by assisting with control monitoring, user awareness activities, phishing and social engineering exercises, policy and procedure maintenance, and periodic risk or control assessments.
7. Assists with incident response and issue management activities by documenting events, gathering information, coordinating follow-up, and tracking remediation to completion.
8. Maintains accurate program records, metrics, and reports for management, committees, audits, and examinations; elevates overdue items, exceptions, and emerging risks as needed.
9. Supports internal and external audits, regulatory examinations, and independent reviews by preparing documentation, responding to requests, and assisting with remediation of findings related to information security, third-party risk, business continuity, and enterprise risk management.
10. Conducts research and assists in the development, implementation, and ongoing maintenance of policies, procedures, standards, and program documentation.
11. Complies with applicable laws, regulations, and Bank policies and provides professional, courteous, and efficient service to internal and external customers.
12. Performs other duties, projects, and special assignments as required or assigned.

Other Duties and Responsibilities:

1. Attends all required meetings and training.
2. Completes assigned training.
3. Serves on various committees as assigned.

Working Conditions:

• Physical surroundings are generally pleasant and comfortable with protection from weather conditions but not necessarily from temperature changes.
• Normally seated with freedom of movement on a regular basis.
• Frequent lifting of one to ten pounds; occasional lifting up to 20 pounds.
• Extensive operation of computers and other office equipment requiring dexterity and coordination and frequent use of hands.

Those holding this position must be capable of performing all duties and responsibilities, either unaided or with the assistance of a reasonable accommodation, as determined by management.

The Bank has reviewed this job description to ensure that essential functions and basic duties have been included. It is intended to provide guidelines for job expectations and the employee's ability to perform the position described. It is not intended to be construed as an exhaustive list of all functions, responsibilities, skills and abilities. Additional functions and requirements may be assigned by supervisors as deemed appropriate. This document does not represent a contract of employment, and the bank reserves the right to change this job description and/or assign tasks for the employee to perform, as the Bank may deem appropriate. 

Requirements

Position Qualifications and Education Requirements:

• Bachelor’s degree in information security, cybersecurity, business, finance, risk management, or a related field, or equivalent combination of education and experience.
• One to three years of experience in information security, third-party risk management, business continuity, enterprise risk management, audit, compliance, or a related area preferred.
• Experience with banking regulations, risk management principles, and control frameworks relevant to information security, third-party risk management, business continuity and incident management preferred.
• Working knowledge of network and security technologies, such as firewalls, VPNs, multi-factor authentication, IDS/IPS, switches, routers, M365, and Active Directory, preferred.
• Proficiency in Microsoft Outlook, Word, and Excel; familiarity with Ncontracts or similar governance, risk, and compliance platforms preferred.
• Strong analytical, organizational, and documentation skills with close attention to detail.
• Effective verbal and written communication skills, with the ability to work collaboratively across departments.
• Ability to manage multiple priorities, adapt to changing needs, and work both independently and as part of a team.
• Dependable and able to meet attendance, punctuality, confidentiality, and professional conduct standards.
• Ability to travel to all Bank locations.