Senior Information Security Analyst

Stock Yards Bancorp, Inc. (NASDAQ: SYBT), parent company of Stock Yards Bank & Trust Company, with offices in Louisville, Central, Eastern and Northern Kentucky, as well as the Indianapolis, Indiana and Cincinnati, Ohio metropolitan markets.

Job Title: Senior Information Security Analyst

Department: Information Security

Reports To: Information Security Operations Manager

FLSA Status: Exempt

Hours of Operation: Monday – Friday 8:00 AM – 5:00 PM – (Unless otherwise approved)

45 hours per week, On-call after hours

Organizational Duties And Responsibilities

• Supports the mission, vision, and philosophy of the Bank. Complies willingly with all organizational policies and procedures.
• Supports all functions that maintain compliance with regulatory agencies.
• Complete relevant annual training upon approval by the Director of Information Security.
  
  

General Job Summary

The Senior Information Security Analyst is responsible for safeguarding the organization's information assets by implementing and managing advanced security measures. The role encompasses vulnerability management, patch management oversight, email security, data loss prevention (DLP), anti-virus and endpoint detection and response (EDR) systems, security monitoring, incident response, and comprehensive reporting. The incumbent is expected to ensure regulatory compliance, mitigate security risks, and enhance the organization's overall security posture through proactive measures and collaboration with cross-functional teams.

Vulnerability Management

Essential Duties and Responsibilities:

• Conduct regular vulnerability assessments and penetration testing across systems and networks.
• Analyze and prioritize vulnerabilities; develop and implement remediation plans.
• Collaborate with IT and development teams to address security weaknesses.
• Stay current with emerging vulnerabilities and threat landscapes.
  
  

Patch Management Oversight

• Lead and manage the patch management process for software and hardware components.
• Coordinate with system administrators and vendors to ensure timely application of patches.
• Develop and enforce patch management policies and procedures.
• Monitor patch deployment effectiveness and address implementation issues.
  
  

Email Security

• Implement and manage email security solutions to protect against phishing, spam, and malware.
• Monitor email systems for security threats and respond promptly to incidents.
• Develop policies and train staff on secure email practices.
  
  

Data Loss Prevention (DLP)

• Deploy and maintain DLP solutions to prevent unauthorized access or disclosure of sensitive data.
• Define and enforce DLP policies; monitor compliance.
• Investigate and address DLP alerts and incidents.
  
  

Anti-Virus/Endpoint Detection And Response (EDR)

• Manage anti-virus and EDR systems across all endpoints to detect and mitigate security threats.
• Ensure endpoints are protected with up-to-date security software and definitions.
• Respond to security alerts from anti-virus and EDR systems; coordinate remediation efforts.
  
  

Security Monitoring And Incident Response

• Monitor security systems, including SIEM tools and intrusion detection systems.
• Analyze security logs to identify potential threats and anomalies.
• Perform privilege access management systems, enforcing least privilege principles and monitoring access controls.
• Participate in incident response activities, including investigation, containment, and recovery.
• Document incidents and implement improvements to prevent recurrence.
  
  

Reporting

• Prepare detailed security reports for management and stakeholders.
• Develop metrics and dashboards to measure the effectiveness of security initiatives.
• Communicate security issues and recommendations to technical and non-technical audiences.
  
  

Compliance And Policy Enforcement

• Ensure adherence to all relevant security policies, standards, and regulatory requirements.
• Assist in developing, reviewing, and updating information security policies and procedures.
• Support internal and external audits; address compliance gaps.
  
  

Security Awareness And Training

• Contribute to security awareness programs; develop training materials and deliver presentations.
• Educate employees on best practices and emerging threats.
  
  

Additional Duties

• Evaluate and recommend security technologies and solutions.
• Stay informed about cybersecurity trends and best practices.
• Mentor junior team members and provide guidance on security matters.
  
  

Other Functions

• Complete information security projects and implement new tools.
• Research new data security trends, keep up-to-date with current events and new threats in data security, and participate in relevant training courses.
• Make recommendations to the Director of Information Security to improve network and mainframe security.
• Expertise in performing Information Security Analyst(s) or Information Security Operations Manager functions where redundancy is necessary.
• Provide assistance to Internal Audit and regulators with IT-related requests.
• Complete other job-related duties, and/or projects, as assigned.
  
  

Working Conditions

Office environment with some travel to enterprise locations, company-sponsored events, training, or as directed.

Minimum Job Requirements

Education: Bachelor's degree in Information Security, Cybersecurity, Computer Science, or a related field. Advanced degrees or relevant certifications are advantageous.

Experience

• Minimum of five (5) years of experience in information security with a focus on vulnerability management, patch management, email security, DLP, and endpoint security.
• Proven experience with security tools such as vulnerability scanners, SIEM platforms, EDR solutions, and email security systems.
  
  

Comprehensive Skills

Employees are expected to represent the Bank in a professional manner to customers and outside contacts.

Employees must have excellent interpersonal communication skills, consisting of the ability to write and speak effectively to others. Employees must be a productive team player, with the ability to learn, apply training and comprehend policies and procedures. Employees should also be flexible to changing working situations and able to meet deadlines as they arise.

Specific Skills

• Strong understanding of network protocols, operating systems, and database security.
• Familiarity with regulatory compliance requirements (e.g., FFIEC, GLBA, PCI DSS).
• Proficiency in scripting or programming languages for automation purposes.
• Excellent analytical, problem-solving, and organizational skills.
• Exceptional communication skills, both verbal and written.
  
  

Specialized

Familiar with Cybersecurity related systems

Licenses

Professional certifications such as CISSP, SSCP, GIAC, or other related certification(s), or willingness to obtain within one year.

Physical Requirements

The physical demands described here are representative of those that must be met by an employee in order to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Primarily sedentary work performed in an office environment
• Ability to sit for extended periods of time while working at a computer
• Frequent use of hands and fingers to operate a computer, keyboard, mouse, and other office equipment
• Ability to speak clearly and hear well enough to communicate with clients, team members, and vendors via phone, video, and in person
• Visual acuity sufficient to read computer screens, printed documents, and financial data
• Occasional standing, walking, bending, or reaching
• Ability to lift and carry up to 10–15 pounds occasionally (e.g., files, office supplies)
• Ability to lift and carry up to 10–15 pounds occasionally (e.g., files, office supplies)
  
  

Employees must also have the ability and means to travel as necessary for the purpose of attending training, meetings, and other various business functions.

Benefits

• 401(K) with a company match of up to 6%
• ESOP employer match
• Medical insurance
• Dental insurance
• Vision insurance
• Cancer/Disease insurance
• Accident insurance
• Flexible Spending Accounts
• Flexible Savings Accounts
• Health Savings Accounts
• Bank paid Life/AD&D insurance
• Voluntary Life/AD&D insurance
• Bank paid Short-Term and Long-Term Disability insurance
• Employee Stock Purchase Plan
• Employee Assistance Program