• System Security Officer

    Job Location US-NH-Manchester
    Job ID
    Position Type
    Exempt Full-Time
  • Overview

    Under direction of the Information Security Officer (ISO), and in cooperation with the VP-IT at HarborOne Mortgage, assist with the planning, coordination and oversight of certain technology-related systems and programs, to include HarborOne Mortgage and any subsidiaries.



    ESSENTIAL DUTIES & RESPONSIBILITIES - Include the following. Other duties may be assigned.


    Manage the process for review and remediation as it relates to vulnerability scanning and penetration testing


    Manage the process for review and remediation as it relates to patch management and overall end-point protection


    Ensure changes for certain key, high risk systems are properly documented and authorized


    Prepare and distribute reports as assigned, including a monthly and quarterly IT Security Status report.


    Work with the VP-IT and ISO to ensure IT risk assessments for the division are completed and reviewed.


    Work with ISO and VP-IT to track and validate remediation responses to IT audit findings.


    Work with the ISO and in cooperation with management to provide input with regard to proposed IT security solutions, and make recommendations in an effort to enhance the security posture of the Bank.


    Perform periodic IT security reviews, and control testing.


    Monitor security systems for anomalies and respond to or escalate potential security events as needed.


    Assist with change control processes to ensure changes meet security requirements.


    Assist with the development and coordination of metrics designed to guide security decisions and allocation of security-related resources.


    Assist with policy and procedure documentation as it relates to the Information Security Program and system administrators



    QUALIFICATIONS - To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.


    At least 4 years’ experience in the Information Technology field or related position. IT Risk Management. Information security certifications preferred: Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA) or similar industry certification.


    Experience with network security design, implementation, and support of an enterprise environment, preferably a banking environment.


    Knowledge of compliance and regulatory program requirements, such as GLBA, MA201.CMR.17, and various FFIEC Guidelines.


    Demonstrated project management skills and ability to track and report progress against established milestones, metrics and deliverables


    Understanding of Microsoft security functions (Active Directory, Authentication, group policy, local policy, permissions etc.) and how to use these facilities to diagnose issues or increase security posture


    Understanding of these key security control areas:

    • Risk Assessments
    • Endpoint protection systems (e.g. antivirus, file-integrity monitoring)
    • Intrusion Prevention Systems
    • Penetration Testing
    • Patch Management
    • System and Network Security Hardening
    • Data Loss Prevention
    • Multi-factor authentication
    • Control testing

    Knowledge of project management process and meeting defined goals in projects


    Ability to review, assess risk for, and approve network change requests


    Strong communication skills (written and verbal) to accurately update projects, policies, procedures, and audit responses.


    Strong familiarity with technological disciplines including: Microsoft SharePoint Server, SSRS, Visual Studio, MSSQL, Microsoft Active Directory Services, Varonis, and risk assessment tools such as WolfPAC


    Ability to read and interpret documents such as safety rules, operating and maintenance instructions, and procedure manuals. Ability to write routine reports and correspondence. Ability to speak effectively before groups of customers or employees of organization.


    Ability to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages, area, circumference, and volume. Ability to apply concepts of basic algebra and geometry.


    Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.

