Information Security Program Analyst II

Take the next step toward your new career today!

Become a part of the diverse and inclusive team within our nationally recognized award-winning Bank that is one of the strongest in the nation. Woodforest National Bank is privately owned, and our Employee Stock Ownership Plan is the largest shareholder. We focus on building relationships and discovering opportunities to better serve our communities and understand the financial needs of every customer we serve. At Woodforest we care and prove it by volunteering with local charities and foodbanks to give back to the communities we serve. By joining Woodforest you will become a part of one of the largest employee-owned banks in the country!

The Information Security Program Analyst II will work closely with the Information Security Manager to ensure the IS Program is in alignment with the Bank's regulatory and industry compliance requirements. The position is responsible for developing and implementing the organization's governance, risk management, and compliance framework. This role involves identifying risks, ensuring regulatory compliance, and promoting a culture of compliance throughout the organization. The position will also provide program oversight and work with business owners to validate Information Security controls are working as designed.

Key Responsibilities:

• IS Program Oversight:

• Within the GRC tool assign, review, and approve Information Security controls quarterly in compliance with the Information Security Program.

• Assist in the coordination of internal and external resources, and achievement of the banks Report on Compliance for the annual PCI attestation.

• Contribute to the annual review of policies and assist in keeping policies current.

• In conjunction with business owner/s and database team, conduct database access review for key databases containing customer and cardholder data.

• Assist in conducting quarterly and annual business application access reviews.

• Perform a sample of branch security reviews on a quarterly basis to ensure adherence with expected policies and procedures including PCI Requirement 9 - Physical Access to Cardholder Data.

• Assist in conducting remote access and mobile access reviews.

• Participate in password, vulnerability scanning (external, internal, application), card holder data testing to ensure compliance with bank standards.

• Assist in reviewing configuration of DLP, HIPs, Encryption, and EDR systems and reports including monthly scans to ensure cardholder data and systems are secure.

• Participate in reviewing system configurations and generated reports to ensure server hardening meets applicable standards.

• Participate in the inspection and reviewing of sampling (PCI) firewall, router, switch, IDS/IPS configurations to ensure compliance with PCI standards.

• On an ongoing effort develop enhancements and make recommendations to controls, policies, and processes that will assist in the maturity of the Information Security Program.

• Additional Responsibilities:

• Coordinate vendor requested Information/Cybersecurity Attestations as needed.

• Attend monthly Information Security Committee meetings as required.

• Participate in industry/peer group/conferences as necessary to stay current with Information Security trends and best practices and/or Governance, Risk, and Compliance frameworks.

• Complete assigned industry and/or job-related training as required.

Competencies:

• Experience in cybersecurity risk management including threat and vulnerability management, aligning controls to frameworks, and improving cyber security maturity.

• Strong knowledge in regulatory requirements and audit frameworks, such as but not limited to PCI, NIST, and GLBA.

• Good leadership and project management skills.

Qualifications:

Minimum Qualifications/Experience:

• 3+ years' experience in information technology and/or information security governance required.

• 2+ years' experience in cybersecurity risk management and compliance with risk management frameworks required.

Formal Education & Certification:

• Bachelor's degree in an Information System, Information Technology, or a related discipline preferred, or an equivalent amount of directly related work experience.

• One or more of the following certifications is preferred:

• Certified Information Systems Auditor (CISA)

• Internal Security Assessor (ISA)

• Security +

Work Status:

• Full-time.

Supervisory Responsibility:

• None.

Travel:

• Less than 10% - Occasional local travel may be expected.

Working Conditions:

• Conditions involve lifting no more than ten pounds, sitting most of the time, but may involve walking, moving, or standing for brief periods, and occasionally lifting and carrying articles like files, ledgers, folders, etc.

Disclaimer:

This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Nothing herein restricts management's right to assign or reassign duties and responsibilities to this job at any time.

Woodforest is an Equal Opportunity / Affirmative Action employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status, or other status protected by law or regulation.