Business Analyst

Corp. IT Security Dept.

Job Summary

The Information Security (IS) Specialist assists the Information Security Manager and the Corporate Security Officer (CSO) in the modification and maintenance of the IS strategy for the Corporation, which includes IS policies, standards and procedures.

In addition, the IS Specialist will have the responsibility of keeping the day to day monitoring of the Business Integration Group (BIG) and IT related audit findings including Internal Audit, SOX, FDIC, IT Risk and External Auditors. Moreover, the IS Specialist will be also responsible for the proper documentation of new Corporate Security Office vendors and the annual review process.

Essential Responsibilities

• Assists in the development/update of IT policies, procedures, standards, and guidelines related to information security.
• Assists in maintaining the Corporate Information Security strategy and Information Security Program in accordance with internal policies, laws/regulations and industry best practices.
• Monitors compliance with the Information Security Program and provide support to the Corporate Security Office preparing reports for GLBA, Audit Committee and the Board of Directors.
• Support the CSO with IS monitoring metrics such as KRIs/Scorecards/Dashboards.
• Supports the CSO preparing and maintaining IS Self-Assessments to identify potential information security risks.
• Participates in all IT security related audit meetings such as: kick-off or entry meetings, and closing meetings.
• Follow-up on outstanding IT and Business Integration Group (BIG) audit and regulators observations and other risks to ensure proper resolution.
• Follows up with applicable Managers on all BIG audits finding remediation.
• Recommends corrective actions and obtain commitments to correct deficiencies.
• Participates in special projects and research as it relates to Corporate Security, including assessing current relationships, the need for request for proposals (RFPs), and coordinating upgrades to current, or transition to new vendors.
• Provide support reviewing IT Security Controls and provide follow ups and effective monitoring process.
• Provide support during the preparation of the Security awareness training.
• Responsible for the proper documentation of Corporate Security Related vendors following the Vendor Management Policy.

Other Responsibilities

• Accountable for adhering to the Bank’s BSA, AML and Office of Foreign Asset Control (OFCA) applicable policies. Employee must follow specific unit procedures developed in compliance with the policies. Employee is also responsible for reporting any suspicious activity and/or transactions in accordance with the Bank’s processes and comply with any mandatory BSA, AML and OFAC training assigned.

Independence of Judgment

The degree of judgment is related to the identification and definition of complex problems and integration/coordination of varied elements and its application to specific subjects.

Supervisory Responsibilities

This position does not have any direct supervisory responsibilities

Impact of Errors

The impact of errors of this position could affect other department activities and strategic results or Bank image through the regulatory agencies, customers and the community. The impact of errors of this position could also affect the essential activities for the Bank, either from other divisions or departments, or within.

Competencies

• Excellent verbal and written communication skills in English and Spanish
• Proficient in Computer Technology
• Proficient knowledge of Information Security Frameworks such as COBIT 5, ISO 27000, NIST and others is required
• Strong knowledge in IT Controls and how to comply with control objectives
  
• Strong interpersonal communication, leadership and team skills
• Able to work in a team oriented, highly demanding and fast paced environment.
• Strong analytical skills (analytical thinker) and self-starter
• Proficient in EXCEL, WORD, OUTLOOK, POWER POINT
• Organization and prioritization skills

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Specific vision abilities required by this job include close vision and distance vision. While performing the duties of this Job, the employee is regularly required to sit; use hands to finger, handle, or feel and talk or hear. The employee is occasionally required to stand and walk.

Work Environment

Employees in this job work in an office environment with a comfortable room temperature, good lighting, and quiet conditions. May be required to travel and to work extended hours, including holidays, should these coincide with risk mitigation efforts or other projects/implementations.

Minimum Requirements

• 
  A Bachelor’s degree in Information Systems or Computer Science related field, and, at least three (3) to six (6) years of experience in a similar job is required, or equivalent combination of education and experience sufficient to successfully perform the essential functions of the job is required.

EQUAL EMPLOYMENT OPPORTUNITY EMPLOYER