Under direction of the Information Security Officer (ISO), and in cooperation with the Technology Solutions Group (TSG), assist with the planning, coordination and oversight of certain technology related systems and programs, to include HarborOne Bank and any subsidiaries.
Manage the process for review and remediation as it relates to vulnerability scanning and penetration testing.
Manage the process for review and remediation as it relates to patch management and overall end-point protection.
Ensure changes for certain key, high-risk systems are properly documented and authorized.
Prepare and distribute reports as assigned, including a monthly and quarterly IT Security Status report.
Assist ISO with risk assessment processes.
Work with ISO and TSG management to track and validate TSG’s remediation responses to IT audit findings.
Work with the ISO and TSG Management to provide input with regard to proposed IT security solutions, and make recommendations in an effort to enhance the security posture of the Bank. Perform periodic IT security reviews, and control testing.
Monitor security systems for anomalies and respond to, or escalate potential security events as needed.
Assist with change control processes to ensure changes meet security requirements.
Assist with the development and coordination of metrics designed to guide security decisions and allocation of security-related resources.
Assist with policy and procedure documentation as it relates to the Information Security Program and system administrators.
EDUCATION and/or EXPERIENCE
At least 4 years' recent experience in the Information Technology field or a related position in a bank or financial institution. IT and Vendor Risk Management, including Vendor Due Diligence. Information security certifications preferred: Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA) or similar industry certification.
Experience with network security design, implementation, and support of an enterprise environment, preferably a banking environment.
Knowledge of compliance and regulatory program requirements, such as GLBA, MA201.CMR.17, and various FFIEC Guidelines.
Demonstrated project management skills and ability to track and report progress against established milestones, metrics and deliverables.
Understanding of Microsoft security functions (Active Directory, authentication, group policy, local policy, permissions, etc.) and how to use these facilities to diagnose issues or increase security posture.
Understanding of these key security control areas:
Endpoint protection systems (e.g. antivirus, file-integrity monitoring)
Intrusion Prevention Systems
System and Network Security Hardening
Data Loss Prevention
Knowledge of project management processes and meeting defined goals in projects.
Ability to review, assess risk for, and approve network change requests.
Strong communication skills (written and verbal) to accurately update projects, policies, procedures, and audit responses.
OTHER SKILLS AND ABILITIES
Strong familiarity with technological disciplines including: Microsoft SharePoint Server, SSRS, Visual Studio, MSSQL, Microsoft Active Directory Services, Varonis, and risk assessment tools such as WolfPac.
Ability to read and interpret documents such as safety rules, operating and maintenance instructions, and procedure manuals. Ability to write routine reports and correspondence. Ability to speak effectively before groups of customers or employees of organization.
Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages, area, circumference, and volume. Ability to apply concepts of basic algebra and geometry.
Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.