Information Security Analyst (Bank)

Social Capital Resources
New York, NY

A top-tier bank in Midtown Manhattan is seeking an Information Security Analyst for a temporary-to-permanent position!



Responsibilities:


  • Develop and maintain comprehensive security manuals.
  • Oversee daily monitoring of Data Loss Prevention tools such as Trellix EPO and TMS.
  • Use Spirion to create and run scans for detecting files containing Personally Identifiable Information (PII) and ensure compliance with the data retention policy.
  • Support efforts in assessing, managing, and remediating information security risks related to IT infrastructure, applications, platforms, and suppliers, ensuring clear requirements and timelines are established.
  • Regularly report on remediation progress to the Chief Information Security Officer (CISO) or Chief Risk Officer (CRO).
  • Conduct vulnerability scans using Qualys and monitor for new and existing threats, collaborating with IT and users to address them.
  • Prepare and present daily, weekly, and monthly security reports to identify issues and ensure timely remediation.
  • Manage Privileged Access Management (PAM) and generate reports.
  • Lead weekly IT meetings to discuss vulnerabilities, patches, and alarms triggered by security tools.
  • Stay updated on potential threats by monitoring sources like the Qualys Threat Protection Feed and CISA alerts, and ensure appropriate actions are taken to protect the network.
  • Analyze system events through the AlienVault SIEM and follow up on detected issues.
  • Monitor the network for malicious activity or exploitation using Tipping Point IPS.
  • Liaise with vendors for troubleshooting and maintaining security tools.


Qualifications:

  • 2+ years of experience in managing information security governance, risk, and compliance.
  • Bachelor’s degree in a relevant field.
  • Security certifications (e.g., CISSP, CISA, CISM, CEH) are advantageous but not mandatory.
  • Solid knowledge of security frameworks such as NIST, SOC2, ISO, FFIEC, and NYDFS-Part500.
  • Strong communication, presentation, and writing skills, with fluency in English.
  • Experience with Governance, Risk, and Compliance (GRC) tools like RSA Archer.
  • Proficient in Microsoft Office applications.
