First Bank is hiring: CYBER SECURITY ANALYST - CORP. IT SECURITY - FIRSTBANK PR
First Bank, San Juan, PR, United States, 00902
CYBER SECURITY ANALYST
FIRSTBANK
Our Company
At FirstBank PR, we strive to be a trusted advisor to our clients, and our employees are the ones who ensure we deliver on our promise of excellence in personalized customer service. Our more than 3,100 employees in Puerto Rico, the Virgin Islands and Florida share a passion for excellent customer service. We are proud of our team because they are continuously surpassing our clients’ expectations.
Do you have a passion for helping customers, building relationships, and delivering extraordinary, personalized customer service? If your answer is yes, FirstBank is the number one place for you.
Overview
The Cyber Security Analyst is responsible for assisting the IT Security Manager and the Chief Information Security Officer (CISO) in identifying, mitigating, and responding to Information Security risks. This role performs complex analyses of high impact and sensitive systems to determine the appropriate security approach based on anticipated threat vectors. It conducts cybersecurity key management tasks and strategies enabling the integration of cyber operations with FirstBank’s cybersecurity posture. The Cyber Security Analyst will be part of the Corporate Security Office (CSO), which is responsible for managing the Bank’s Information Security strategy, including developing IT standards, policies, and procedures to comply with applicable laws/regulations and industry best practices.
What You’ll Need to Succeed
Responsibilities
- Manage and oversee the organization’s firewall infrastructure, ensuring robust security measures, conducting regular audits, and implementing updates to maintain network security integrity.
- Provide feedback on cybersecurity in the development/update of Information Security (IS) policies, procedures, standards, and guidelines.
- Assist the IT Security Manager and/or CISO in responding to and mitigating cybersecurity risks for internal control improvements.
- Assist in the selection and tailoring of approaches, methods, and tools to support service offerings to applicable business units.
- Oversee and monitor critical Information Technology / Information Security third-party service providers and ensure compliance with contracts/terms.
- Coordinate Penetration Tests and Vulnerability Scans and evaluate results to proactively identify and fix security flaws and vulnerabilities.
- Assess and prioritize vulnerabilities using a risk-based approach to expedite remediation.
- Manage and serve as the custodian of all risk response efforts regarding the Vulnerability Management process.
- Participate in the Vulnerability Management Board (VMB) and oversee Patch Management to remediate outstanding risks.
- In conjunction with the ERM Department, participate in the Incident Response Process to detect, investigate and recover from security incidents and assist with incident response plans where applicable.
- Work with the IT Risk Management unit in the execution of the Cyber Security Risk Assessment.
- Periodically report on the Cyber Security Posture of the Corporation to Senior and Executive Management.
- Perform research and analysis of emerging and disruptive Information Technology / Information Security trends and tendencies that may affect the Corporation.
- Conduct intelligence analysis of external threats targeting the financial industry and leverage internal data to gauge potential impact on business operations.
- Monitor vulnerability notices and provide engineering support for security patch distribution.
What You’ll Need
- A bachelor’s degree in Information Technology, Computer Science, Engineering, or Business.
- 3-6 years of Information Security experience or experience in a similar position within the Banking Industry.
- CISSP, CISM or other similar certification is highly desired but not required.
- A master’s degree in computer science, information systems, engineering, or MBA is desired but not required.
- Strong understanding of Information Security Frameworks such as COBIT 5, ISO 27000, NIST, and others is required.
- Exercise excellent written communication skills with experience drafting guidance documents.
- Understand complex business and Information Technology / Information Security processes.
- Familiarity with vulnerability assessment and penetration testing best practices.
- Understand and be proficient in common cyber threat terminology and methodologies, with a basic understanding of cyber incident response and related current events.
- Knowledge of databases, web applications, network and communication infrastructure, operating systems (e.g., IBM, Unix, Linux and Windows), and security technologies (firewalls, IDS/IPS, etc.).
- Strong working knowledge of Information and System Security, internal control frameworks such as COBIT, ISO 27000, NIST, etc.
- Understanding of IT knowledge within the Banking Industry.
- A strong understanding of Information Security regulatory requirements and compliance issues, with experience related to FDIC, FFIEC, SOX, etc.
- Ability to work with minimum supervision.
- Strong analytical and problem-solving skills.
EQUAL EMPLOYMENT OPPORTUNITY EMPLOYER