Information Security Risk Analyst

Primary Purpose of Job
Supports the company’s information security program to ensure that policies, procedures, standards and practices are in place to adequately identify, assess, mitigate, manage, monitor and report on key information security risks.  

Major Job Accountabilities

• Works with IT and internal operations to ensure the safeguarding of all confidential, proprietary, privileged, and protected information assets, including customer data.  Monitors essential processes to ensure compliance with policies, standards, practices and guidelines.  
• Assists with compliance to applicable information security laws, regulatory requirements and Bank policies and procedures, including but not limited to GLBA, FACTA, PCI DSS, Anti-Money Laundering laws and regulations, Bank Secrecy Act,  and USA PATRIOT Act.  
• Develops and performs information security and vulnerability assessments, and testing on applications, systems, and infrastructure to ensure appropriate protection of sensitive customer and company information; performs risk analysis and recommends remediation for deficiencies. Tracks and reassesses remediation activities to ensure compliance with policies and operational standards.  
• Performs information security risk management activities including risk assessments, vendor reviews, and monitoring remediation of identified gaps and issues.
• Develops reporting metrics and measurements of program effectiveness and provides analysis.
• Ensures technical enforcement of internal security policies to maintain the integrity of the networks, systems and applications utilized throughout the organization, including functionality of user access controls.
• Develops and conducts bank-wide/departmental information security training.  Maintains current knowledge of evolving cyber security risks, new and evolving trends with mitigation tools and changes to security regulations affecting financial institutions.
• Recommends, maintains, develops, and revises all information security governance documentation. 
• Builds and matures a culture focused on the proactive awareness and improvement of the risk environment.
• May occasionally work evening/night hours as needed to address critical situations.

Experience Required

• Two (2) years of direct work experience in developing information security programs and assessing effectiveness of such programs, preferably within a financial services organization.
• Two (2) years of experience with risk management frameworks and concepts.
• Two (2) years of working knowledge of security frameworks and general areas of information security. 

Required Skills or Training

• Self-motivated learner bringing a sense of enthusiasm to a hands-on working environment.  
• Knowledge of risk management concepts with a background in financial, regulatory, information security, and/or enterprise risk management. 
• Critical thinker with the ability to research, assess, and communicate IT risks and develop, recommend, and monitor corresponding controls.
• Ability to build and maintain relationships across diverse technical and non-technical teams.
• Demonstrates excellent interpersonal, verbal, and writing skills to effectively communicate to a diverse audience.
• Demonstrates acute analytical skills, including the ability to consolidate broad data sets from multiple sources, both internal and external, to identify patterns and/or risk factors.
• Demonstrates a working understanding of a broad range of Security Frameworks and standards such as PCI, NIST, ISO 2700 series, etc. Knowledge of the SOX, Federal Financial Institutions Examination Council (FFIEC) and section 501(b) of the Gramm-Leach-Bliley Act is a plus.
• Knowledge of networking, operating systems, platforms, client/server, web applications, and general information security technologies is a plus.

EOE, including disability/veterans

At American Savings Bank, we welcome and support all individuals and celebrate the diversity of our team members, customers and community. We are committed to ensuring that our online application process is accessible and provides an equal employment opportunity to all job seekers. If you need assistance searching for a job or submitting an application, please contact us by calling 808-538-2000 and a member of our Recruitment team will follow up with you. Mahalo for your interest in American Savings Bank!