You are viewing a preview of this job. Log in or register to view more details about this job.

Information Security Analyst I

FHLB Dallas
Email

FHLB Dallas actively pursues dedicated and hardworking individuals to be a part of our professional team. The following pertains to the Information Security Analyst I role. Apply today! 

Responsible for assisting in the monitoring and executing a portion of the Bank’s Information Security Program.  Completes tasks designed to ensure security of the organization's systems and information assets.  Assists efforts related to application access administration for internal and external users; researches and analyzes operational risk issues; performs data analysis / mining to perform application access monitoring and operations risk monitoring; performs user acceptance and user production validation testing of applications to identify operational and security issues; performs vulnerability management, scanning, and reporting, lead investigations of possible security incidents, perform weekly and monthly reporting task on events, incidents, malware, and patching, and operates as a resource on assigned application or system implementation projects.

 

Proactively maintains the security infrastructure of the Bank through execution of administration activities, log analysis, and user administration. Assists in automation efforts of security controls and processes to provide better metrics and operational efficiency. Ability to quickly and efficiently resolve issues while maintaining elevated levels of customer satisfaction. This position supports the critical infrastructure providing services to our customers and will work with groups within the Bank to ensure the Information Security Program is operating effectively.  This requires knowledge of technical standards, regulations and best practices. Additionally, it demands persistent learning of new technologies, industry trends, and technical vulnerability and threats.

 

Responsible for assisting in detailed risk assessments and audits of enterprise systems and helping to establish IT practices to ensure ongoing risk mitigation and compliance; Implements and operates specific compliance toolsets designed to demonstrate continuous compliance of the enterprise security and IT environment.  Works closely with our Internal Audit team, external auditors, and our regulators to provide requested evidence and materials.  Coordinates and assists with leading annual access reviews, audit requests, license reviews, and policy/procedure reviews; Assists with efforts related to automating all relevant IT Security compliance processes and activities.

Participates in On-Call rotation in support of IT Security Incident Management.

 

PRIMARY RESPONSIBILITIES:                                                                

  • Responsible for the administration of access to applications, portals, and external business services as well as IT systems and services.  Performs routine administration review tasks, select system security reviews, including license compliance.  Responsible for reviewing and analyzing access requests for completeness, accuracy, and appropriateness (i.e. segregation of duties) and processing the access accurately, timely, and efficiently; Assists in identifying and automating security business processes. Acts as a liaison with teams when transitioning or decommissioning legacy applications.
  • Assists with leading the application access review program/process and associated automations. Prepares and reviews daily, monthly, and quarterly reports.  Makes recommendations to resolve operational issues.
  • Assists in efforts in designing and building efficient and scalable security automations that improve daily security operations, including automations for Access Reviews, Audits, Application Access, etc.
  • Responsible for carrying out key internal security testing processes as assigned by management.  Enhances own knowledge through understanding business trends and objectives.
  • Has in-depth knowledge of the Banks policies, procedures, and standards.  Assists with yearly policy and procedure reviews and recommends modification / update as required.  Draft and review procedures and desk reference guides.
  • Responsible for assisting in aspects of our Vulnerability Management Program, including leading meetings, developing reports and metrics, and establishing/recommending processes, controls and procedures related to the program.  Assists in developing reports, charts, and other presentations related to the IT Security program, such as reporting metrics on Audits, Access Reviews, Security Awareness Trainings, etc.  Ability to learn and utilize Power BI and/or other reporting technologies.
  • Responsible for execution on specific security tasks assigned from various projects
  • Supports the Banks business continuity efforts.  Documents, reviews, updates procedures related to application access controls or IT Security infrastructure that are executed in a disaster scenario.
  • Must be able to provide hands-on support for a wide range of security technologies including, but not limited to web content filtering, identity and access management, data loss prevention, firewalls, cloud security tools and vulnerability scanning. Responsible for assisting with cloud security solutions to include Security Incident and Event Monitoring (SIEM)/Security Orchestration, Security Automation and Response (SOAR); Write tutorials, how-to videos, and other technical articles for team’s administration guide reference.
  • Monitors and responds to potential information security threats.  Performs analysis of potential issues and documents in reports targeted to security management. Assists in the resolution of information security incidents.  Assists in building security automation.
  • Updates job knowledge by tracking and understanding emerging security practices and standards, participating in educational opportunities, reading professional publications, maintaining personal networks, classroom training, and working towards relevant certifications.

 

JOB REQUIREMENTS:

  • Bachelor’s degree and 2+ years’ experience in an IT support role, or 4+ years progressive experience in an IT support role with experience in Information Systems Security and/or IT risk management/audit.
  • Detailed knowledge of application security processes and procedures.
  • Knowledge of Identity and Access concepts and technologies to secure production and corporate access, such as: Azure Active Directory (Microsoft Entra ID), SSO, etc.
  • Ability to understand and learn automation technologies and build applicable automations
  • Experience with broad array of security technologies, such as firewalls, SIEM/SOAR, endpoint security, and vulnerability management solutions (Qualys, Tenable).
  • Knowledge of system and network architecture; Local and wide area networking concepts, principles and protocols; encryption experience, including virtual private networks (VPNs), IPsec, SSL/TLS, LDAP and public key infrastructure (PKI).
  • Working knowledge of internal controls, compliance, regulations (such as Sarbanes Oxley), and IT Frameworks (such as NIST CSF, COBIT, ISO, and ITIL).  Understands segregation of duties within a business context.
  • Possesses understanding of concepts and knowledge in various information security areas, such as: Identity and Access Management, Security technology, Role-based Access Controls, Information Risk and Governance.
  • Ability to manage multiple complex challenges in parallel, and solve them with cost effective, highly automated, efficient, and proven security technologies or controls.
  • Highly detail oriented and driven to take initiative.
  • Must possess excellent communications and interpersonal skills and be able to effectively work with all levels of Bank management as well as external customers.
  • CISA, CISSP, or other applicable Information Assurance/Security certifications preferred. Experience in highly regulated environments including financial services or banking industry is preferred.
  • In depth, hands-on understanding and familiarity of Cloud security principles and technology. One or more Azure Certifications preferred.

 

FHLB Dallas Offers a Professional, Inclusive Culture

 

FHL Bank Dallas employees are committed to and exemplify the following principles:

  • Service to our members is first and foremost
  • All business will be conducted honestly and ethically
  • Each employee contributes to customer service by directly serving our members or supporting those who do
  • Interaction with members should focus on building professional relationships and helping customers achieve their goals
  • Cooperation and teamwork throughout and across all levels of FHLB Dallas are essential to its effectiveness
  • Colleagues and members will be treated with the utmost respect and dignity

 

FHLB Dallas provides equal employment opportunity to all individuals without regard to race, religion, color, sex, age, marital status, ancestry, veteran status, disability, or national origin. FHLB Dallas will consider for employment all persons on an individual basis consistent with job-related criteria without regard to visible and non-visible disabilities. Equal opportunity applies to all employment practices, including recruitment, screening, hiring, compensation and training, as well as other conditions and privileges of employment.