CYBER SECURITY ANALYST - CORP. IT SECURITY - FIRSTBANK PR Job at First Bank in S

CYBER SECURITY ANALYST FIRSTBANK Our Company At FirstBank PR, we strive to be a trusted advisor to our clients and our employees are the ones that ensure we deliver on our promise of excellence in personalized customer service. Our more than 3,100 employees in Puerto Rico, the Virgin Islands and Florida share a passion for excellent customer service. We are proud of our team because they are continuously surpassing our clients’ expectations. Do you have a passion for helping customers, building relationships, and delivering extraordinary, personalized customer service? If your answer is yes, FirstBank is the number one place for you. Overview The Cyber Security Analyst is responsible for assisting the IT Security Manager and the Chief Information Security Officer (CISO) in identifying, mitigating, and responding to Information Security risks. This role performs complex analyses of high impact and sensitive systems to determine the appropriate security approach based on anticipated threat vectors. It conducts cybersecurity key management tasks and strategies enabling the integration of cyber operations with FirstBank’s cybersecurity posture. The Cyber Security Analyst will be part of the Corporate Security Office (CSO), which is responsible for managing the Bank’s Information Security strategy, including developing IT standards, policies, and procedures to comply with applicable laws/regulations and industry best practices. What You’ll Need to Succeed Responsibilities Manage and oversee the organization’s firewall infrastructure, ensuring robust security measures, conducting regular audits, and implementing updates to maintain network security integrity. Provide feedback on cybersecurity in the development/update of Information Security (IS) policies, procedures, standards, and guidelines. Assist the IT Security Manager and/or CISO to respond and mitigate cybersecurity risks for internal control improvements. Assist in the selection and tailoring of approaches, methods, and tools to support service offerings to applicable business units. Oversee and monitor critical Information Technology / Information Security third-party service providers and ensure compliance with contracts/terms. Coordinate Penetration Tests and Vulnerability Scans and evaluate results to proactively identify and fix security flaws and vulnerabilities. Assess and prioritize vulnerabilities using a risk-based approach to expedite remediation. Manage and serve as the custodian of all risk response efforts regarding the Vulnerability Management process. Participate in the Vulnerability Management Board (VMB) and oversee Patch Management to remediate outstanding risks. In conjunction with the ERM Department, participate in the Incident Response Process to detect, investigate and recover from security incidents and assist with incident response plans where applicable. Work with the IT Risk Management unit in the execution of the Cyber Security Risk Assessment. Periodically report on the Cyber Security Posture of the Corporation to Senior and Executive Management. Perform research and analysis of emerging and disruptive Information Technology / Information Security trends and tendencies that may affect the Corporation. Conduct intelligence analysis of external threats targeting the financial industry and leverage internal data to gauge potential impact on business operations. Monitor vulnerability notices and provide engineering support for security patch distribution. What You’ll Need A bachelor’s degree in information technology, Computer Science, engineering, or business. 3-6 years of Information Security experience or experience in a similar position within the Banking Industry. CISSP, CISM or other similar certification is highly desired but not required. A master’s degree in computer science, information systems, engineering, or MBA is desired but not required. Strong understanding of Information Security Frameworks such as COBIT 5, ISO 27000, NIST, and others is required. Exercise excellent written communication skills with experience drafting guidance documents. Understand complex business and Information Technology / Information Security processes. Familiarity with vulnerability assessment and penetration testing best practices. Understand and be proficient in common cyber threat terminology, methodologies, with basic understanding of cyber incident response and related current events. Knowledge of databases, Web Applications, Network and communication Infrastructure, operating systems (e.g., IBM, Unix, Linux and Windows), security technologies (firewalls, IDS/IPS, etc.). Strong working knowledge of Information and System Security, internal control frameworks such as COBIT, ISO 27000, NIST, etc. Understanding of IT knowledge within the Banking Industry. A strong understanding of Information Security regulatory requirements and compliance issues, with experience related to FDIC, FFIEC, SOX, etc. Ability to work with minimum supervision. Strong analytical and problem-solving skills. EQUAL EMPLOYMENT OPPORTUNITY EMPLOYER #J-18808-Ljbffr In Summary: The Cyber Security Analyst is responsible for assisting the IT Security Manager and the Chief Information Security Officer (CISO) in identifying, mitigating, and responding to Information Security risks . This role performs complex analyses of high impact and sensitive systems to determine the appropriate security approach based on anticipated threat vectors . En Español: En FirstBank PR, nos esforzamos por ser un asesor confiable para nuestros clientes y nuestros empleados son los que garantizan cumplir nuestra promesa de excelencia en servicio al cliente personalizado. Nuestros más de 3.100 empleados en Puerto Rico, las Islas Vírgenes y Florida comparten una pasión por el excelente servicio al Cliente. Estamos orgullosos de nuestro equipo porque superan continuamente las expectativas de nuestros clientes ¿Tienes la pasión de ayudar a los clientes, construir relaciones y brindar servicios al cliente extraordinarios y personalizados? Gestionar y supervisar la infraestructura de firewall de la organización, garantizar medidas de seguridad sólidas, llevar a cabo auditorías regulares e implementar actualizaciones para mantener la integridad de la seguridad de la red. Proporcionar retroalimentación sobre ciberseguridad en el desarrollo/actualización de políticas, procedimientos, estándares y pautas de Seguridad de la Información (IS). Ayudar al gerente de seguridad informática y / o CISO a responder y mitigar los riesgos de cibersecuridad para mejoras del control interno. Asistir en la selección y adaptación de enfoques, métodos de respuesta y herramientas para apoyar las ofertas de servicios a las unidades comerciales aplicables. Supervisar y monitorear críticos proveedores de servicios externos de Tecnología de la información/Seguridad de La Información y asegurar el cumplimiento de contratos/términos. Coordinar pruebas de penetración y escalones de vulnerabilidad y evaluar resultados para identificar de forma fija fallas y evaluaciones de seguridad. Trabajar con la unidad de gestión del riesgo informático en la ejecución de la evaluación de riesgos de ciberseguridad. Informar periódicamente sobre la postura de seguridad cibernética de la corporación a los altos y ejecutivos directivos. Realizar investigación y análisis de las tendencias y tendencias emergentes y disruptivas de tecnología de la información / Seguridad de la Información que pueden afectar a la Corporación. Llevar a cabo el análisis de inteligencia de amenazas externas dirigidas a la industria financiera y aprovechar datos internos para medir el impacto potencial en las operaciones empresariales. Monitorear avisos de vulnerabilidad y proporcionar soporte técnico para la distribución de parches de seguridad. Lo que necesitará Una licenciatura en Tecnología de la Information, Ciencias de la Computación, Ingeniería o Negocios. 3-6 años de experiencia en seguridad de información o experiencia en una posición similar dentro de la Industria Bancaria. CISSP, CISM u otra certificación similar es muy deseada pero no requerida. Un título de maestría en ciencias de información, sistemas, ingeniería de conocimientos básicos, etc., pero no se requiere una mejor comprensión de documentos escritos tales como Capacitación de seguridad, Cuadro de control de seguridad de datos y excelente experiencia de comunicación con ISO 27000, Exterminación de conocimiento de prácticas de TI/C e Innovación. Comprender y ser experto en terminología común de amenazas cibernéticas, metodologías, con una comprensión básica de la respuesta a incidentes cibernáticos y eventos actuales relacionados. Conocimiento de bases de datos, aplicaciones web, infraestructura de redes y comunicaciones, sistemas operativos (por ejemplo, IBM, Unix, Linux e Windows), tecnologías de seguridad (firewalls, IDS/IPS, etc.).