The IT Security Analyst I is responsible for supporting the Bank's IT Security preventative and reactive measures including but not limited to Technology governance, risk, and compliance. IT governance-related duties include ensuring security controls are in place, effective, and that risks are recorded and actively being managed. 

 

Other tasks include configuration management, asset management, patch management, software/hardware lifecycle, threat intelligence, user activity monitoring, and reporting thereof. This role is expected to be fully aware of the Bank's security goals as established by its stated policies, procedures and guidelines and to actively work towards upholding those goals. Other duties include collaboration with senior IT Security personnel to optimize security tools and processes. Performs any functions, within scope of authority and expertise, to provide the highest level of service and responsiveness to customers and co-workers.

• IT Governance
   • Maintain the Bank’s IT security program control framework to ensure compliance with industry standards (NIST, CIS, FFIEC) and MSB’s IT security control requirements.  
   • Develop systems and processes for identifying, managing, and reporting risks.  
   • Provide governance, risk, and compliance data insights to drive improvement across the IT system.
   • Compile metrics/reporting for the weekly IT Governance report. Facilitate weekly presentation to stakeholders.
   • Design and implement security controls for our infrastructure and critical systems.
   • Assigns responsibility for IT Governance related issues and tracks them to resolution.
   • Continually working to improve the Banks overall security posture.
   • Track and understand emerging security practices and threats. Leverage this knowledge to improve security configurations across the enterprise and hunt for potential or active  t  threats.
   • Manage daily volume of offline computers.  Triage and resolve issues so computers can join network and be managed.  
   • Reconcile asset type risk scores regularly and report metrics and issues to IT Division.
• IT Security Control Programs
   • Configuration Hardening:
          ▪ Conduct hardening assessments of hardware and software to identify noncompliance of standards and define remediation   requirements.
          ▪ Regular maintenance of configuration hardening benchmarks.
   • Vulnerability Management:
          ▪ Monitoring, delegation, and investigation of vulnerabilities in a severity-prioritized process.
          ▪ Development, deployment, and automation of scripts for remediation of vulnerabilities.
   • Patch Management:
          ▪ Systematic testing, deployment, and reporting of system patches.
   • Threat Intelligence:
          ▪ Monitor, triage, and report on Threat Intelligence alerts accordingly.
   • Software/Hardware Management:
          ▪ Reconciliation of end-of-life/end-of-support hardware and software.
          ▪ Authorization of software based on weight of business need and risk.
          ▪ Regular upkeep of software versions within Bank infrastructure.
• System & Application Administration
  • Workstation ownership - building, securing, and ongoing management of assigned workstation assets.
  • Identifying and mitigating vulnerabilities on assigned assets and applications.
  • Application ownership – configuring, implementing, securing, and ongoing management of the Bank’s security applications.
  Security Operations
  • Recommend additional security solutions or enhancements to existing security solutions to improve overall security.
  • Participate in investigations into problematic activity.
  • Consults with third party vendors/suppliers as required.

Education

• Bachelor's Degree in computer science, information systems or equivalent work experience is required

Work Experience

• 2+ years experience supporting security components and applying security best practices across an enterprise application/network infrastructure is required

Additional Requirements

• Experience with managing and securing Microsoft Windows or Linux is preferred.
• Working knowledge of IT security controls and how to determine their effectiveness.

Knowledge, Skills, and Abilities

• Understanding of common security technologies and functions (Endpoint AV, Patch Management, Encryption, Vulnerability Scanning, etc.)
• Working knowledge of common operating systems (Windows, Linux, etc.) and basic endpoint security principles
• Passion and enthusiasm for Cyber Security
• Demonstrates excellent communication, facilitation, efficient decision making and problem solving skills

Licenses and Certifications

• Certified Information Systems Security Professional (CISSP) or equivalent security related certification Preferred

The pay range is the salary we in good faith expect to pay for this role at the time of posting. Actual compensation paid may fluctuate higher or lower than the posted range and the range may be modified in the future due to several factors including, but not limited to, relevant experience, certifications, and qualifications, internal equity, adjustments to the requirements and responsibilities of the job, business needs, and economic and market data.

Middlesex Savings Bank is an Equal Opportunity Employer/protected Veterans/Individuals with Disabilities