Amalgamated Bank seeks a full-time Senior Cyber Security Specialist to work closely with the Chief Information Security Officer (CISO) to manage security policies and evaluate new security solutions. The position requires a deep understanding of security products such as SIEM products, firewalls, VPNs, intrusion prevention, web proxies, vulnerability management and email filtering, and a working knowledge of standard anti-virus and advanced anti-malware technologies.
Essential Job Functions:
* Provide thorough knowledge and understanding in: computer networks, cloud and mobile devices, application architectures, databases and security products.
* Create and review security metrics with the CISO to measure effectiveness of the Bank's security program.
* Engage with IT to ensure non-compliant items are addressed in timely matter.
* Work with the relevant internal IT Infrastructure, Help Desk Support and Development teams to ensure that security controls are implemented at all significant and relevant phases of all IT processes.
* Ensure that the IT systems are compliant with applicable regulations, policies, and industry guidance such as SANS Top 20, OWASP Top 10, ISO 27001, NIST 800-53 and CIS Security Benchmarks. Where gaps are identified, assist in planning and implementation of controls.
* Review security event log data and investigate anomalies.
* Perform testing to evaluate new products system security controls.
* Manage security related events and tracking of remediation process.
* Respond to, and where appropriate, resolve or escalate reported security incidents.
* Participate in IT projects and champion Information Security throughout the organization.
* Design, implement and support information security solutions including security architectures, change/configuration management, and the integration of security products as needed.
* Design, manage, and troubleshoot security monitoring agents on information systems.
* Design, manage, support, report and track the vulnerability and penetration management program.
* Develop security guidelines for technology solutions for e.g.: NAC (network access controls) platforms, Data Loss Prevention (DLP), Endpoint Security platforms, etc.
* Support and manage cyber resiliency program in order to assess critical business processes against the known cyber threats and vulnerabilities.
* Manage formal risk assessments for information and cyber security processes within the Bank.
* Conduct information security risk assessments for the third-party vendor risk processes.
Knowledge, Skills and Experience Requirements:
* Bachelor's degree in computer science or related discipline or equivalent work experience
* Minimum 8 years in information technology with 3 years of information and cybersecurity relevant experience
* Strong knowledge of Information Security concepts including, but not limited to, audit reviews, risk assessment, awareness & training, identity access & management, data protection, secure SDLC, incident management, vulnerability assessment, third party IS assessment, secure configurations, patch management, etc.
* Employ influencing skills to obtain buy-in and participation from various groups and stakeholders without direct control
* Build and maintain collaborative relationships with partners, clients and peers
* Ability to communicate effectively at different levels of the organization, and with various technical and business audiences
* Excellent problem solving abilities and analytical skills; ability to see the big picture with high attention to critical details
* Ability to achieve desired outcomes independently and at appropriate priority levels surrounding GLBA, SOX, FDIC, FFIEC, NYSDFS, ISO27001, and NIST
* Ability to multi-task effectively
* Ability to complete projects and perform daily tasks with minimal supervision
* Excellent oral, written, and presentation skills
* Ability to set and meet deadlines
* Strong fluency in using communication tools (Excel, PowerPoint, Visio, Word) to develop storyboards for frequent reporting purposes
* Strong interpersonal skills
* Outstanding technical skills including:
* Expert level knowledge of network and security architectures
* Good understanding of security constructs like encryption, DLP, anti-malware, IAM, mobile technologies, networking protocols and infrastructures design
* Direct experience with network and security technologies including switches, routers, firewalls, proxies, certificate authorities, cloud access security brokers, network access control, identity and access management technologies, etc.
* Knowledge of cloud deployment models and associated security risks
* Security monitoring tools (SIEM, auditing and log collection tools, network IDS/IPS, malware detection)
* Data analysis including normalization and anomaly recognition
* Encryption technologies and PKI infrastructure
* Networking technologies (TCP/IP/etc.) and protocols (SSL, SSH, LDAP, SMTP, DNS, etc.)
* Unix, Linux, and Windows Operating Systems and Microsoft Active Directory
Amalgamated Bank is an Equal Opportunity and Affirmative Action Employer, Minorities / Females / Individuals with Disability / Veterans Opens a New Window.AmeriCorps, Peace Corps and other national service alumni are encouraged to apply. View our Pay Transparency Statement Opens a New Window.Submission of a resume or any information regarding your qualifications does not constitute a promise or offer of employment. At Amalgamated Bank, we consider an applicant to be someone who has interviewed at least once, in person, with the hiring manager. Amalgamated Bank does not sponsor applicants for work visas.
About Amalgamated Bank
Amalgamated Bank provides personal and commercial banking products and services to working families, unions, commercial real estate industries, healthcare markets, institutional investors, law firms, non-profits, and political organizations.