Information Security Analyst (Remote)

About the job : Information Security Analyst (Remote)

Job Title : Information Security Analyst

Job Type : Full-Time / Contract - 2 years (renewable)

Role Summary :

Working collaboratively with the Information Security team and third-party service providers, the Information Security Analyst will contribute to the protection of the Bank's information assets. The incumbent will assist in identifying and analyzing security anomalies and applying mitigating actions as instructed by management. The Analyst will also assist in managing information security risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes.

The incumbent will help embed policies, standards, and procedures related to the Bank's security posture and will assist in security tests, risk assessments, exercises, simulations, initial investigations of security breaches, user training, and other security activities as needed. The Analyst will work closely with server and network operations to ensure stability of the Bank's information security posture and may liaise with internal and external auditors for audit reviews throughout the year.

Key Responsibilities :

Governance and risk management :

• Supports the manager with IT risk assessments, including information security assessments (ISAs), threat risk assessments (TRAs), vulnerability scans, penetration testing, etc., and follows up on open issues.
• Assists with validation of identified vulnerabilities as directed.
• Monitors compliance with information security policies and standards, raises incidents of non-compliance, and ensures resolution and learning.

Incident and problem management :

• Assists with collecting and evaluating information for investigating alerts from security tools and third-party providers.
• Immediately informs the manager of critical events.
• Prepares information for further investigation of incidents.
• Supports incident response and mitigation efforts.

Secrets management :

• Assists with requests for security profiles, reviews requests, and prepares drafts for approval.
• Helps maintain security matrices and reviews changes to user authentication.
• Assists with processing requests for certificates, tokens, and keys.
• Collects data for KPIs and KRIs.
• Tests new hardware and software for security compliance before deployment.
• Reviews and acts on security alerts within SLA.
• Performs other tasks as assigned.

Application and Cloud Security :

• Ensures application code and cloud deployments meet security standards.
• Assists with application security testing and coordinates tests with third-party providers.

J-18808-Ljbffr