Senior Information Security Analyst II
Location: Columbia, MD
Are you someone who seeks opportunity and has a true desire to grow your career with an organization that has enriched the lives of its clients and communities in the Greater Washington region for more than 150 years? If so, Sandy Spring Bank may be the perfect fit for you!
Sandy Spring Bank is a growing financial services company focused on creating real experiences for our employees, clients, shareholders and communities. We are proud to have been recognized by The Washington Post and the Baltimore Sun as a Top Workplace, by Forbes magazine as the #1 Bank in Maryland, as well as by American Banker as a Best Bank to Work For. It is our employees who play an integral role in shaping who we are as a company and upholding what matters most to us: people and relationships.
To help us attract the highest quality individuals, we offer a comprehensive benefits package to those who qualify. We offer competitive market salaries, paid time off, multiple retirement savings options, full health care options, life insurance, health care and dependent care flexible spending accounts, career development opportunities, tuition assistance and volunteer opportunities. We are proud to offer those, and so much more, making Sandy Spring Bank a remarkable place to work and build a career.
About The Job
Sandy Spring Bank is currently recruiting for a Sr. Information Security Analyst II in the Information Technology department. This position acts as the senior technical analyst of the Information Security team. Responsibilities include management of IS operations and projects under the guidance of the CISO. If you are the chosen candidate, you will be responsible for performing all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction; Provides guidance and direction for the protection of information systems assets to other functional units; Provides consultation and training on technical security topics to company Information Technology Professionals; Promotes awareness of information security best practices to company; Reviews, recommends & drafts policies, procedures, standards in accordance with overall IT policy, and Information Security best practices.
Areas of focus:
As an Information Security Analyst you will be responsible for ensuring appropriate security controls are in place that will safeguard digital and paper files and vital electronic infrastructure Including:
- Integrating as a team member within the Chief Information Security Office and ensure the confidentiality, integrity, and availability of information and business systems.
- Responsible for the planning, enforcement and audit of security policies and procedures which safeguard the integrity of and access to enterprise systems, files and data elements.
- Perform vulnerability assessments to identify and prioritize security exposures in the environment. Follow up with IT staff to remediate findings.
- Manage projects and implement initiatives surrounding information security.
- Conduct security audits and provide gap analysis against security practices and standards.
- Conduct the following assessments:
- Risk Assessment
- Penetration Testing
- Threat Modeling
- Compliance Reviews
- Continuous Monitoring
- Security Policy Development
- Security Architecture Design
- Mobile Security
- Design and conduct regular audits of computer systems to determine that they are operating securely and that data is protected from both internal and external attack.
- Assess assigned system to determine system security status and ensures adherence to security policy, procedures and standards. Design and recommend security policies and procedures.
- Prepare training materials for computer security education and awareness programs and trains end users on same.
- Monitor, evaluate, and maintain complex security systems according to industry best practices to safeguard internal information systems and databases.
- Review security requirements and subsequently review systems to determine if they have been designed and established to comply with established standards.
- Conduct investigations of security violations and breaches and recommend solutions; prepare reports on intrusions as necessary and provides analysis summary to management.
- Respond to queries and requests for computer security information and reports from both internal and external customers.
- Provide technical consultation on tasks; provides leadership and work guidance to less experienced personnel.
- Provide recommendations of product for upgrades, patches and other general security measures in order to better secure systems for various clients.
- Ensure appropriate controls are effective to monitor corporate compliance to policies & procedures.
- Ensure daily operational/administrative oversight of Security Operations tools including health and availability monitoring.
- Monitor the internal control systems to ensure that appropriate access policies are maintained.
- Conduct daily reviews of security alerts and reports.
- Review event logs, authentication and other security related logs.
- Compile and review security reports and scorecards.
- Review changes to server, desktop and network device configurations.
- Participate in Computer Security Incidence Response Team activities.
- Performs other work related duties as assigned.
- Willingness to be included in 24x7 on-call rotation.
- Security Event management system (SEIM), and firewalls
- Bachelor's Degree in Information Systems, Computer Science, or a related field is required.
- A minimum of 5-7 years of experience in the information security and/or IT risk management field related to network, host, database and/or application security in multiple operating system environments.
- A minimum of one industry certification (CISSP, GIAC, CISM, CAP, etc.) is required.
- Experience in cloud computing security capabilities and implementation.
- Proven ability to communicate professionally and effectively in written or oral format, along with the ability to think analytically and solve problems is required.
- Proven ability to interface with senior technical and business management is required.
- Proven ability to troubleshoot and resolve network/operating system security issues.
- A working knowledge of the following areas:
- Information Security Standards, Regulations, Guidelines, Frameworks and Best Practice (FISMA, NIST, ISO, COBIT, GLBA, SOX, PCI, HIPAA, OWASP, SANS, FFIEC, etc.)
- Information security testing and analysis tools
- Information security breach detection and prevention tools
- Perimeter and host security techniques and components
- Secure implementation of hardware and software
- Data networking protocols, standards, and infrastructure components
- Encryption techniques/tools and products
- Internet/Electronic Commerce/Intranet technologies
- Experience with some networking and security technologies such as IPSEC (Internet Security Protocol), VPN (Virtual Private Network), routers, switches, firewalls, intrusion detection and prevention, data leakage, WAF (Web Application Firewall)
Sandy Spring Bank requires COVID-19 vaccination(s) as a condition of employment for all employees. Submission of Covid-19 Vaccination Card is required if hired. Accommodations may be available for those who are unable to be vaccinated for medical or religious reasons.
Sandy Spring Bank is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law. We maintain a drug-free workplace environment and perform pre-employment substance abuse testing.
If you require a reasonable accommodation to apply for a position, please call our job line at 1-800-399-5919 and select option 5. Requests are considered on a case-by-case basis.