INFORMATION SECURITY ANALYST IV
WHAT IS THE OPPORTUNITY?
The Information Security Analyst plays key role in the Information Security program with responsibility for collecting and analyzing technical and qualitative security data to provide actionable recommendations to bank leadership to mitigate security risk.
The Information Security Analyst is a subject-area specialist with specialized training, methods and analytic techniques to create recommendations and directions for cyber risk mitigation in a complex technical environment.
The Information Security Analyst role requires extensive critical thinking and problem solving, often using specialized frameworks or techniques to generate meaningful insight out of complex and technical data.
Focus areas of security assessment by the Information Security Analyst include external threats and trends, applications and infrastructure security, cloud security, third party security and overall security program effectiveness in mitigating risk.
The Information Security Analyst’s goal to create actionable information for IT and business leadership, and to provide objective assessment of cyber security risks for auditors, regulators and external parties.
This requires routinely authoring detailed reports and gathering metrics ensure stakeholders receive accurate and complete information.
The Info Security Administrator keeps abreast of external cyber security trends, technologies and cyber risk management approaches, and often works with other teams on cyber risk-related initiatives to provide subject-matter recommendations and guidance to achieve a posture within the bank’s overall risk appetite.
Technology and Innovation Division
As a member of City National’s Technology & Innovation group, you will drive, develop, and maintain solutions for clients and colleagues.
This is an exciting time of technology advancement and innovation across the bank, particularly within our technology teams.
WHAT WILL YOU DO?
- Define analysis objectives, collect data from internal and external sources, and evaluate/analyze data to provide objective information on cyber risks for IT and business management with both summary and detailed reporting
- Assess risk within subject specialty area to evaluate the design and effectiveness of security controls
- Provide insight and guidance to IT software and hardware upgrades and other projects to ensure production environments meet and exceed minimum security standards and will effectively counter cyber threats
- Partner with external partners, vendors, law enforcement, and intelligence community as applicable to fulfill reporting and information sharing requirements, and collecting information required for comprehensive risk analysis and assessment
- Create new and maintain process and procedural documentation for various risk analysis and risk assessment activities; Highlight industry-based methodologies, techniques or standards (FAIR, NIST, FFIEC, etc.) used as the basis for analysis efforts
- Publish routine, accurate risk analysis and assessment reports as defined by organizational risk policies and procedures to applicable audiences for each subject area discipline
- Participate in other security support projects and duties as needed or requested
WHAT DO YOU NEED TO SUCCEED
Must-Have*
- Bachelor’s Degree business, computer science or related field
- Minimum of 7 years’ experience in Information/Cyber Security field
- Minimum of 10 year experience in cyber security operations, incident response, IT risk management or investigations
Skills and Knowledge
- Demonstrated experience analyzing complex cyber security data sets within subject area specialty
- Demonstrated knowledge of cyber security landscape – threats, trends, technologies
- Demonstrated knowledge of financial regulation and control frameworks applicable to cyber security or IT risk
- Excellent communication and interpersonal skills.
Including a strong ability to create positive and professional business relationships with internal clients.
- Strong commitment to working as a team and providing excellent customer service.
- Exposure to banking or equivalent highly controlled technology environment is preferred
- Masters’ degree in business, computer science or related field preferred
- Security certifications (CISSP, GSEC, etc.) are highly desired.
- Demonstrated experience with Industry or subject specific analysis or assessment frameworks is highly desired (FAIR, NIST CSF, etc.)
- Experience in banking/financial industry is strongly preferred
- Formalized training in cyber security analysis or assessment techniques
*To be considered for this position you must meet at least these basic qualifications
The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification.
It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of employees assigned to this job.
INCLUSION AND EQUAL OPPORTUNITY EMPLOYMENT
City National Bank is an equal opportunity employer committed to diversity and inclusion.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or any other basis protected by law.
ABOUT CITY NATIONAL
We start with a basic premise: Business is personal.
Since day one we’ve always gone further than the competition to help our clients, colleagues and community flourish.
City National Bank was founded in 1954 by entrepreneurs for entrepreneurs and that legacy of integrity, community and unparalleled client relationships continues to drive phenomenal growth today.
City National is a subsidiary of Royal Bank of Canada, one of North America’s leading diversified financial services companies.
City National Bank requires all colleagues to be fully vaccinated against COVID-19 to work on-site at any of our locations.