Information Security Analyst (Bank)

Top-Tier Bank in Midtown, Manhattan is seeking an Information Security Analyst for a temporary-to-permanent position!

Responsibilities:

• Develop and maintain comprehensive security manuals.
• Oversee daily monitoring of Data Loss Prevention tools such as Trellix EPO and TMS.
• Use Spirion to create and run scans for detecting files containing Personally Identifiable Information (PII) and ensure compliance with the data retention policy.
• Support efforts in assessing, managing, and remediating information security risks related to IT infrastructure, applications, platforms, and suppliers, ensuring clear requirements and timelines are established.
• Regularly report on remediation progress to the Chief Information Security Officer (CISO) or Chief Risk Officer (CRO).
• Conduct vulnerability scans using Qualys and monitor for new and existing threats, collaborating with IT and users to address them.
• Prepare and present daily, weekly, and monthly security reports to identify issues and ensure timely remediation.
• Manage Privileged Access Management (PAM) and generate reports.
• Lead weekly IT meetings to discuss vulnerabilities, patches, and alarms triggered by security tools.
• Stay updated on potential threats by monitoring sources like the Qualys Threat Protection Feed and CISA alerts, and ensure appropriate actions are taken to protect the network.
• Analyze system events through the AlienVault SIEM and follow up on detected issues.
• Monitor the network for malicious activity or exploitation using Tipping Point IPS.
• Liaise with vendors for troubleshooting and maintaining security tools.

Qualifications:

• 2+ years of experience in managing information security governance, risk, and compliance.
• Bachelor’s degree in a relevant field.
• Security certifications (e.g., CISSP, CISA, CISM, CEH) are advantageous but not mandatory.
• Solid knowledge of security frameworks such as NIST, SOC2, ISO, FFIEC, and NYDFS-Part500.
• Strong communication, presentation, and writing skills, with fluency in English.
• Experience with Governance, Risk, and Compliance (GRC) tools like RSA Archer.
• Proficient in Microsoft Office applications.
• Spoken Mandarin is strongly preferred