Under direction of the Information Security Officer (ISO), and in cooperation with the VP-IT at HarborOne Mortgage, assist with the planning, coordination and oversight of certain technology-related systems and programs, to include HarborOne Mortgage and any subsidiaries.
ESSENTIAL DUTIES & RESPONSIBILITIES - Include the following. Other duties may be assigned.
Manage the process for review and remediation as it relates to vulnerability scanning and penetration testing
Manage the process for review and remediation as it relates to patch management and overall end-point protection
Ensure changes for certain key, high risk systems are properly documented and authorized
Prepare and distribute reports as assigned, including a monthly and quarterly IT Security Status report.
Work with the VP-IT and ISO to ensure IT risk assessments for the division are completed and reviewed.
Work with ISO and VP-IT to track and validate remediation responses to IT audit findings.
Work with the ISO and in cooperation with management to provide input with regard to proposed IT security solutions, and make recommendations in an effort to enhance the security posture of the Bank.
Perform periodic IT security reviews and control testing.
Monitor security systems for anomalies and respond to or escalate potential security events as needed.
Assist with change control processes to ensure changes meet security requirements.
Assist with the development and coordination of metrics designed to guide security decisions and allocation of security-related resources.
Assist with policy and procedure documentation as it relates to the Information Security Program and system administrators
QUALIFICATIONS - To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
EDUCATION and/or EXPERIENCE
At least 4 years’ experience in the Information Technology field or related position. IT Risk Management. Information security certifications preferred: Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), or similar industry certification.
Experience with network security design, implementation, and support of an enterprise environment, preferably a banking environment.
Knowledge of compliance and regulatory program requirements, such as GLBA, MA201.CMR.17, and various FFIEC Guidelines.
Demonstrated project management skills and ability to track and report progress against established milestones, metrics and deliverables
Understanding of Microsoft security functions (Active Directory, authentication, group policy, local policy, permissions, etc.) and how to use these facilities to diagnose issues or increase security posture
Understanding of these key security control areas:
Knowledge of project management process and meeting defined goals in projects
Ability to review, assess risk for, and approve network change requests
Strong communication skills (written and verbal) to accurately update projects, policies, procedures, and audit responses.
OTHER SKILLS AND ABILITIES
Strong familiarity with technological disciplines including Microsoft SharePoint Server, SSRS, Visual Studio, MSSQL, Microsoft Active Directory Services, Varonis, and risk assessment tools such as WolfPAC
Ability to read and interpret documents such as safety rules, operating and maintenance instructions, and procedure manuals. Ability to write routine reports and correspondence. Ability to speak effectively before groups of customers or employees of the organization.
Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages, area, circumference, and volume. Ability to apply concepts of basic algebra and geometry.
Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.