Information Security Program Analyst II
The Woodlands, Texas
Employer: Woodforest National Bank
Industry: Technology Services
Salary: Competitive
Job type: Full-Time
Take the next step toward your new career today!
Become a part of the diverse and inclusive team within our nationally recognized award-winning Bank that is one of the strongest in the nation. Woodforest National Bank is privately owned, and our Employee Stock Ownership Plan is the largest shareholder. We focus on building relationships and discovering opportunities to better serve our communities and understand the financial needs of every customer we serve. At Woodforest we care and prove it by volunteering with local charities and foodbanks to give back to the communities we serve. By joining Woodforest you will become a part of one of the largest employee-owned banks in the country!
The Information Security Program Analyst II will work closely with the Information Security Manager to ensure the IS Program is in alignment with the Bank's regulatory and industry compliance requirements. The position is responsible for developing and implementing the organization's governance, risk management, and compliance framework. This role involves identifying risks, ensuring regulatory compliance, and promoting a culture of compliance throughout the organization. The position will also provide program oversight and work with business owners to validate Information Security controls are working as designed.
Key Responsibilities:
• IS Program Oversight:
• Within the GRC tool, assign, review, and approve Information Security controls quarterly in compliance with the Information Security Program.
• Assist in the coordination of internal and external resources, and achievement of the Bank's Report on Compliance for the annual PCI attestation.
• Contribute to the annual review of policies and assist in keeping policies current.
• In conjunction with business owner/s and database team, conduct database access review for key databases containing customer and cardholder data.
• Assist in conducting quarterly and annual business application access reviews.
• Perform a sample of branch security reviews on a quarterly basis to ensure adherence with expected policies and procedures including PCI Requirement 9 - Physical Access to Cardholder Data.
• Assist in conducting remote access and mobile access reviews.
• Participate in password, vulnerability scanning (external, internal, application), and cardholder data testing to ensure compliance with bank standards.
• Assist in reviewing configuration of DLP, HIPS, Encryption, and EDR systems and reports including monthly scans to ensure cardholder data and systems are secure.
• Participate in reviewing system configurations and generated reports to ensure server hardening meets applicable standards.
• Participate in the inspection and review of sampled (PCI) firewall, router, switch, and IDS/IPS configurations to ensure compliance with PCI standards.
• On an ongoing basis, develop enhancements and make recommendations to controls, policies, and processes that will assist in the maturity of the Information Security Program.
• Additional Responsibilities:
• Coordinate vendor requested Information/Cybersecurity Attestations as needed.
• Attend monthly Information Security Committee meetings as required.
• Participate in industry/peer group/conferences as necessary to stay current with Information Security trends and best practices and/or Governance, Risk, and Compliance frameworks.
• Complete assigned industry and/or job-related training as required.
Competencies:
• Experience in cybersecurity risk management including threat and vulnerability management, aligning controls to frameworks, and improving cyber security maturity.
• Strong knowledge in regulatory requirements and audit frameworks, such as but not limited to PCI, NIST, and GLBA.
• Good leadership and project management skills.
Qualifications:
Minimum Qualifications/Experience:
• 3+ years' experience in information technology and/or information security governance required.
• 2+ years' experience in cybersecurity risk management and compliance with risk management frameworks required.
Formal Education & Certification:
• Bachelor's degree in an Information System, Information Technology, or a related discipline preferred, or an equivalent amount of directly related work experience.
• One or more of the following certifications is preferred:
• Certified Information Systems Auditor (CISA)
• Internal Security Assessor (ISA)
• Security+
Work Status:
• Full-time.
Supervisory Responsibility:
• None.
Travel:
• Less than 10% - Occasional local travel may be expected.
Working Conditions:
• Conditions involve lifting no more than ten pounds, sitting most of the time, but may involve walking, moving, or standing for brief periods, and occasionally lifting and carrying articles like files, ledgers, folders, etc.
Disclaimer:
This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Nothing herein restricts management's right to assign or reassign duties and responsibilities to this job at any time.
Woodforest is an Equal Opportunity / Affirmative Action employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status, or other status protected by law or regulation.
Created: 2024-10-16
Reference: 065494
Country: United States
State: Texas
City: The Woodlands
ZIP: 77380