- Professional
- Office in Doral
Description
The Security Analyst is a key contributor to the Bank’s information security program, working under the direction of the SVP/Information Security Officer. This role requires a strong foundation in Information Technology/Cybersecurity principles and a demonstrated ability to apply analytical and critical thinking skills to complex security challenges. The analyst supports the implementation and continuous improvement of security controls across the Bank’s infrastructure, in alignment with internal policies and regulatory requirements. Responsibilities include analyzing and triaging security alerts, conducting system and application reviews, validating compliance with hardening standards, and performing vulnerability assessments. The analyst is expected to interpret threat intelligence, assess system data for anomalies, and recommend proactive measures to mitigate risks. A critical aspect of this role is the ability to synthesize technical findings into actionable insights that support decision-making and regulatory compliance, including GLBA, Privacy, and FFIEC standards. This position involves regular collaboration with Risk Management, IT Operations, and other departments, and may include occasional interaction with external auditors or consultants.
Requirements
Essential Duties and Responsibilities: (Other duties and/or tasks might be assigned on an as-needed basis)
- Information Security and Cybersecurity Program (ISP) – Support security and risk management internal controls and business processes to ensure compliance with the Bank’s Information Security, Cybersecurity, and Incident Response programs.
- Security Reviews, Monitoring, and Testing – Assist with the ongoing monitoring of network and general computing controls established to protect information systems and assets (e.g., infrastructure, network, applications, hardware). These duties may include monitoring system alerts, performing periodic reviews, and tests of various security controls to assess effectiveness and adherence to Bank policy and security standards. Duties also include responding to end-user security alerts or queries, including suspicious phishing, business e-mail compromise reported by Bank customers or other security concerns.
- Security Infrastructure Support – Assist with health monitoring for security infrastructure, tools, and services. Ensure security systems are working as intended and policy configurations conform to Bank policy and security standards. Assist the SVP ISO during implementation, configuration changes, and ongoing of hardware and system software for security defenses, e.g., firewalls, endpoint AV/AM protection, web content filtering, data loss prevention, AD group policy configurations, intrusion detection system, network auditing solution, among others.
- Threat Vulnerability Analysis – Assists with periodic security scanning of enterprise assets to evaluate effectiveness of patch management and IT operational controls. Analyze vulnerabilities detected and new threats identified through various sources. Make recommendations to support mitigation efforts. Implement controls to ensure all assets are included in the scope of these assessments and that vulnerabilities are being appropriately detected and remediation activities are completed per Bank policies and procedures.
- Security Intelligence and Analyses – Comprehensive review of external alerts (e.g., FS-ISAC, US-CERT, CISA, MSSP) and intelligence publications to identify relevant developments and threats. Analyze and escalate matters of relevance to the SVP ISO, including ideas and recommendations to facilitate proactive response and risk mitigation.
- Security Risk Assessments and External Engagements – Actively participate with the team in threat hunting exercises, incident tabletop exercises, disaster recovery exercises, network penetration tests and other relevant external engagements. Provide support to fulfill information requests for security audits and consulting engagements.
- Incident Response and Investigations – Assists the SVP ISO with handling of security events or incidents, following policy and procedures established. Support gathering information and data, preparing analyses and documentary support for security investigations. Supports the team with information required to meet regulatory filing requirements in connection with cybersecurity incidents (e.g., breach notifications, SAR filings by BSA/AML Compliance).
- Management Reporting Support – Assists the team as backup with data gathering, aggregation and reporting of key performance and risk indicators to facilitate the overall monitoring of cybersecurity posture. Also assist the SVP ISO with preparation of periodic security briefings and presentations for Management and Board-Level Committees.
- Access Management, Application Controls and FDICIA ITGC Compliance – Support the team, as needed, with the review and disposition of user access requests, ensuring compliance with the ISP. Support the team in maintaining documentation for user access profiles for critical applications. Work with the team and cross-functionally to ensure user access requests are executed in a timely fashion. Assist with the data staging, analysis, and preparation of user entitlement review for applications and systems. Support with periodic monitoring of administrator and user activity for critical applications and systems. Escalate instances of non-compliance or suspected anomalies to the Manager. Assist with updating logs to maintain key performance indicators for the area.
- Third-Party/Vendor Risk Management Program – Assist with special tasks for evaluation of critical technology service providers (TSPs) and cloud-based services.
- Other Tasks and Special Projects – Assist with special projects to improve the security posture of the Bank. Strategic initiatives or other special tasks may be assigned by the Supervisor or the Division head from time to time.
Supervisory Responsibilities: None.
Backup Duties: Assist as back-up when the SVP/ISO is out-of-office, by performing all the essential duties normally performed, escalating to the Division head any high-risk alerts or urgent matters requiring attention. Assist as back-up when other members of the risk management teams are out-of-office, as needed.
Responsible for compliance with following regulations (as applicable):
- Bank Secrecy Act (BSA)
- Anti Money Laundering (AML)
- Office of Foreign Assets Control (OFAC)
- Know Your Customer (KYC)
- Deposit regulations (e.g., Reg. DD - Truth in Savings, Reg. E - Electronic Funds Transfer Act, etc.)
- Lending regulations (e.g., Reg. B - Fair Lending, Reg. C - HMDA, Reg. Z - Truth in Lending Act, etc.)
- Unfair, Deceptive, Abusive, Acts or Practices (UDAAP)
- Community Reinvestment Act (CRA)
- Gramm-Leach-Bliley Act (GLBA) and Privacy Act.
USCB Policies and Procedures: All officers and employees of the Bank are to maintain an understanding of all USCB Policies and Procedures as outlined in the Bank’s intranet portal. All employees are to follow said policies and procedures and report any knowledge of a variance of the same.
Qualifications and Requirements: To perform this job successfully, the candidate must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with a disability to perform the essential functions.
Language Skills: Effective verbal and written communication skills, including the ability to read, analyze, and interpret business and technical documents. Respond to inquiries or complaints from internal customers or external stakeholders conforming to service and communication standards adopted. Bilingual (English and Spanish) is a plus.
Education and Experience: Associate degree (A.S.) from a college or university, in computer science, cybersecurity or a technology-related field; candidate pursuing a bachelor’s degree (B.S. or B.A.) in computer science, cybersecurity or a technology-related field; one to two years of related experience or training in IT networking and cybersecurity; or equivalent combination of education and experience.
Other Skills:
- Analytical and problem-solving skills.
- Critical thinker, inquisitive and curious to learn.
- Time-management skills.
- Proficient in MS Office applications, e.g., Word, Excel, PowerPoint, Teams.
- Ability to write reports and business correspondence that conforms to prescribed style and format.
- Ability to relate well with others and quickly create a working rapport.
- Ability to present complex information and analyses in a concise manner.
- Security certifications are a plus (e.g., CompTIA ITF+, CompTIA A+, CompTIA Security+).
Physical Demands: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is frequently required to stand; walk; sit; use hands to finger, handle, or feel objects or controls; reach with hands and arms; and talk or hear. The employee is occasionally required to stoop, kneel, crouch, or crawl. The employee may occasionally lift and/or move up to 10 pounds. Specific vision abilities required by this job include close vision.
Work Environment: The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The work environment is a climate-controlled office setting where the noise level is usually moderate.
Work Habits: Include regular attendance, teamwork, initiative, dependability, and promptness.
Disclaimer: This job description is not an employment agreement or contract. Management has the exclusive right to alter this job description at any time.