Senior Analyst, Information Security JM

Purpose of Role:
The Senior Information Security Analyst is responsible for defending against information security incidents, and identifying, analysing, communicating, and containing these incidents when they do occur, in collaboration with Technology teams, partners and third party service providers. The Senior Analyst manages information security risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes. The incumbent also supports the defence of the Bank’s networks, by ensuring that the Bank’s policies, standards and procedures related to the effective management of the Bank’s security posture are adhered to, and assists in the execution of security tests, assessments, exercises, simulations, investigation of security breaches, user training and other security activities as deemed necessary. The Senior Analyst plays an integral part in the development, implementation, and compliance of technical security across the enterprise. The Senior Analyst is responsible for managing risks related to information / cybersecurity and compliance and is part of a team of information security personnel to work closely with server and network operations to ensure stability of security posture. The incumbent may be required to liaise with internal and external auditors and participate in audit reviews throughout the year.

Key Accountabilities:
Governance:
  • Monitors compliance of the information security policies and standards. Raises incidents of non-compliance with manager and / or relevant parties to ensure resolution and learning
  • Generates key performance indicators and key risk indicators as agreed with manager
  • Modifies and updates security documentation as agreed with manager
  • Acts as a subject matter expert on information security projects and business as usual initiatives as needed, and completes tasks assigned by the project manager
  • Manages the information security request for services logs and email boxes, including the access logs and mailboxes, daily, assigns each request to the respective team members, and provides management with reports on the status of requests received.
  • Maintains currency of operational procedures.
Incident management:
  • Collects and evaluates information required to investigate and remediate as necessary all alerts received from the onsite security tools and third party providers of information security services, e.g. IBM ISS, cloud security tools, network security tools, and data protection tools. 
  • Reviews alerts and data from sensors and documents formal, technical incident reports
  • Provides incident response support, including mitigating actions to contain activity and facilitating forensics analysis when necessary.
  • From trends observed, recommends tasks to address common themes, to prevent the reoccurrence of false positive alerts, common errors and known vulnerabilities.
Identity access management:
  • Executes and monitors the privileged ID management processes; this involves, but is not limited to, the review of the privileged usage log(s) to ensure that usage is consistent with intended use / access granted, investigating anomalies and raising inconsistencies with manager.
  • Executes and monitors the user access attestation processes, follows up on anomalies and errors identified by the attestation and makes recommendations to manager for actions required.
Risk assessment and management:
  • Works with partners to ensure that risk assessments (threat risk assessments (TRA), vulnerability scans / penetration testing) are completed as required.
  • Liaises with appropriate platform teams within Technology to ensure that remediation of vulnerabilities is addressed in a timely manner
  • Assists with the testing of new computers, software, switch hardware and routers before implementation to ensure security
  • Assists in responding to Audits and other examinations as requested by manager.
Information security operations:
  • Supports the implementation and maintenance of security tools in line with the Bank’s information security standards and industry best practices
  • Monitors, triages, and responds to alerts issued by the information security tools within SLA
  • Ensures that the appropriate logging infrastructure is maintained, and relevant system logs are captured.
  • Ensures data loss prevention processes are implemented and maintained.
  • Reviews and actions service requests / incidents and problems assigned to the information security queue within the SLA.
Security awareness:
  • Assists in implementing and conducting information security awareness activities, including reviewing training material for accuracy, arranging training events and one-on-one coaching.
  • Assists with implementing and conducting security simulation exercises.
  • In collaboration with partners, e.g. Technology managers, Operational Risk team, Learning & Development, Regulatory Affairs, and as directed by the manager, ensures that the security awareness programme meets all industry regulations, standards, and compliance requirements
Application and cloud security - to ensure application code implemented meets the established secure code standards and the cloud deployments are secured, thus mitigating the risk of unauthorised access to the bank and customers’ data:
  • Executes application security scans and follows up with respective stakeholders for effective remediation actions
  • Implements application security testing strategies as agreed with the manager, including working with third parties to execute the respective testing strategy or actually completing the respective strategy. Typical tests within strategies include, but are not limited to: vulnerability scanning, penetration tests, access control tests,
  • Completes cloud security tasks as assigned by the manager; including but not limited to the configuration of cloud security tools and users’ access rights.

Critical Experience, Knowledge & Skills Required:
  • Undergraduate or postgraduate degree in Cybersecurity, Information Technology, Computer Science, Math, Physics, or a related field.
  • At least three years of experience in information security or
  • At least three years of experience in another IT function, especially IT audit
Or
  • Five or more years’ experience in information security or IT audit and one or more of the following or related professional certifications:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Global Information Assurance Certification (GIAC)
  • Certified Information Systems Auditor (CISA).
  • Knowledge of or experience with regulatory compliance and information security management frameworks, e.g. ISO 27000, COBIT, NIST, etc., is desirable.
  • Practical experience with database and network security, application security, content filtering, vulnerability scanning, and anti-malware would be an asset
  • Information security technologies - knowledge of technologies and technology-based solutions dealing with information security issues
  • Technical expertise in anti-virus solutions, virus outbreak management - the ability to differentiate virus activity from directed attack patterns
  • Information security management - knowledge of processes, tools, techniques and practices for assuring adherence to standards associated with accessing, altering and protecting organisational data
  • Decision making and critical thinking - knowledge of tools and techniques for effective use of a broad range of factors, assumptions, frameworks and perspectives when solving problems.
  • Ability to plan own work, to work unsupervised and to deliver to deadlines, working well under pressure while maintaining a professional image and approach
  • Enjoys imparting knowledge to others, without feeling threatened
  • Ability to perform independent analysis of complex problems and distil relevant findings and root causes
  • A team-focused mentality with proven ability to work effectively with diverse stakeholders
  • Ability to respond to computer security incidents according to the incident response procedures
  • An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
  • Decision-making capabilities, ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
  • Ability to compile and analyse data for management reporting and metrics
  • An understanding of organisational mission, values, and goals and consistent application of this knowledge
  • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
  • Ability to react to high-pressure, dynamically changing environments
 

JOB SNAPSHOT:
Function: Technology
Category: Technology
Position reports to: Senior Manager, Information Security Operations
Expiry Date: 8-12-2025
Reference: VAC-9236
Employer: CIBC FirstCaribbean International Bank
Hours:
Employment Type:
Location:
Salary and benefits: In accordance with CIBC appropriate salary schedule.
Salary: Salary negotiable
Your Career Level: Senior Career
Years Experience: At least Three (3) years'
Your Education Level: Undergraduate Degree|in Cybersecurity