Systems Security Officer

US-MA-Brockton
Job ID: 2017-2235
Position Type: Officer Full-Time
Department: Enterprise Risk [001100]

Overview

Under the direction of the Information Security Officer (ISO), and in cooperation with the Technology Solutions Group (TSG), assist with the planning, coordination and oversight of certain technology-related systems and programs, to include HarborOne Bank and any subsidiaries.

Responsibilities

Manage the process for review and remediation as it relates to vulnerability scanning and penetration testing

Manage the process for review and remediation as it relates to patch management and overall end-point protection

Ensure changes for certain key, high risk systems are properly documented and authorized

Prepare and distribute reports as assigned, including a monthly and quarterly IT Security Status report.

Assist ISO with risk assessment processes.

Work with ISO and TSG management to track and validate TSG’s remediation responses to IT audit findings.

Work with the ISO and TSG Management to provide input with regard to proposed IT security solutions, and make recommendations in an effort to enhance the security posture of the Bank. Perform periodic IT security reviews, and control testing.

Monitor security systems for anomalies and respond to, or escalate potential security events as needed.

Assist with change control processes to ensure changes meet security requirements.

Assist with the development and coordination of metrics designed to guide security decisions and allocation of security-related resources.

Assist with policy and procedure documentation as it relates to the Information Security Program and system administrators

Qualifications

EDUCATION and/or EXPERIENCE

At least 4 years’ recent experience in the Information Technology field or related position in a bank or financial institution. IT and Vendor Risk Management – Vendor Due Diligence. Information security certifications preferred: Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or similar industry certification.

Experience with network security design, implementation, and support of an enterprise environment, preferably a banking environment.

Knowledge of compliance and regulatory program requirements, such as GLBA, MA201.CMR.17, and various FFIEC Guidelines.

Demonstrated project management skills and ability to track and report progress against established milestones, metrics and deliverables

Understanding of Microsoft security functions (Active Directory, authentication, group policy, local policy, permissions, etc.) and how to use these facilities to diagnose issues or increase security posture

Understanding of these key security control areas:

Risk Assessments
Endpoint protection systems (e.g. antivirus, file-integrity monitoring)
Intrusion Prevention Systems
Penetration Testing
Patch Management
System and Network Security Hardening
Data Loss Prevention
Multi-factor authentication
Control testing
Knowledge of project management process and meeting defined goals in projects

Ability to review, assess risk for, and approve network change requests

Strong communication skills (written and verbal) to accurately update projects, policies, procedures, and audit responses.

OTHER SKILLS AND ABILITIES
Strong familiarity with technological disciplines including Microsoft SharePoint Server, SSRS, Visual Studio, MSSQL, Microsoft Active Directory Services, Varonis, and risk assessment tools such as WolfPAC

LANGUAGE SKILLS
Ability to read and interpret documents such as safety rules, operating and maintenance instructions, and procedure manuals. Ability to write routine reports and correspondence. Ability to speak effectively before groups of customers or employees of the organization.

MATHEMATICAL SKILLS
Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages, area, circumference, and volume. Ability to apply concepts of basic algebra and geometry.

REASONING ABILITY
Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.
