Information Security Analyst
Overview
BankNewport celebrates being a community bank since 1819. Yes, that’s 200+ years, and still growing. Offering new and exciting career opportunities, BankNewport is committed to providing our employees the resource and guidance to develop careers that are challenging and rewarding.
So if you’re looking for a great professional opportunity, know that BankNewport will empower and invest in you.
The Information Security Analyst supports the Bank’s information security risk management and compliance program, with a focus on vendor risk, technology risk, third-party due diligence, access reviews, contract support, control monitoring, and audit-ready documentation.
This role helps ensure vendors, technologies, systems, and business processes are assessed, documented, monitored, reported, and assigned to accountable owners in accordance with Bank policies, regulatory expectations, and program requirements.
The Analyst works with Information Security, Technology, Risk Management, Legal, Procurement, business owners, system administrators, and other partners to support a consistent, well-documented risk management model focused on ownership, follow-up, issue tracking, remediation, and continuous improvement.
The ideal candidate is detail-oriented, organized, collaborative, and able to evaluate risks in a practical manner.
Responsibilities
PRIMARY ACCOUNTABILITIES / RESPONSIBILITIES
- All employees of BankNewport are expected to support Bankwide efforts designed to understand, measure, monitor, reduce, control and report risk in the most efficient and cost-effective manner. Risk management includes but is not limited to compliance risk, credit risk, liquidity risk, market risk, operations risk and systems risk as well as attention to physical building safety and security. Furthermore, all support staff employees are expected to fully support the Bank’s “Set your Sales” initiative and utilize support staff training to consistently provide sales support to all departments. They should also possess an understanding of their department’s support metrics and continue to improve Bank efficiencies.
- The Information Security Analyst performs any functions necessary, within scope of authority and expertise, to provide the highest level of service and responsiveness to colleagues and customers and the communities in which the Bank serves. The Information Security Analyst also assists others in the Department, as needed.
- Information/Cyber Security Program – Assists the Information Security Officer as needed in managing the Bank’s Information Security program. Works independently to ensure effective management of the overall program and system, including developing and providing reporting, ensuring data quality and assisting with audit responses as required.
- Vendor Management Program – Responsible to manage the Bank’s Vendor Management program and system application, under the direct guidance of the Information Security Officer. Works independently to ensure effective management of the overall program and system, including developing and providing reporting, ensuring data quality and consistency, and working directly with business units to assist in their vendor management responsibilities and use of the vendor management system. Identify opportunities for enhancement and improvements to the process and related guidance. Maintain related policies, procedures and guidance and ensure they remain current with regulatory and best practices expectations.
- Project Management Life Cycle – Responsible to assist the Information Security Officer in the development, implementation and management of the Bank’s Project Management Life Cycle and Business Initiative Due Diligence process
- Business Continuity Planning – Support the Information Security Officer in the management of the Bank’s Business Continuity Planning (BCP). Responsibilities may include working with business units to review and update their individual plans, participating, coordinating and assisting with BCP testing and reporting of results, supporting the Business Impact Analysis process, and assisting in management and board reporting.
- Knowledge of Laws and Regulations – Responsible to obtain and maintain proficient knowledge of federal and state laws and regulations applicable to the Bank in the areas of vendor and third-party management, risk management, business continuity planning, and other areas of responsibility. Obtains and maintains knowledge of Bank services, policies and procedures.
- Research and Consultation - Researches regulatory, methodology and best practices questions as they arise during the course of business and provides opinions and recommendations based upon research. Provides guidance and direction to business areas, as needed. Also responsible to make related recommendations for policy and procedural changes, as appropriate. Available to assist the Information Security Officer and/or the Director of Compliance & Risk Management in conducting research, interpreting laws and regulations, and forming opinions.
- Risk Assessments - Responsible for the coordination of various risk assessments, including a bank-wide non-electronic customer information risk assessment. Activities may include coordinating or conducting risk assessments, or sections thereof, reviewing risk assessment documentation and conclusions, tracking and monitoring risk assessment activities, and developing, implementing and tracking action items relating to completed risk assessments. Ability to effectively identify and assess compliance, legal and reputational risks and recommend appropriate risk mitigating actions.
- Acts as System Administrator and primary application specialist for all Department third-party applications. Responsible for the user access controls, security, maintenance, and updates of said applications and Department. Also manages the Business Continuity Planning documentation for the Department.
- Keeps abreast of compliance, industry and best practices activities through attendance at professional association meetings, seminars, and workshops, as appropriate, as well as through reading publications and newsletters.
- Represents the Bank through participation in various community and industry related activities. Actively promotes interest in the Bank whenever and wherever possible.
- Performs related and unrelated duties as may be required.
Qualifications
- Bachelor’s degree or its equivalent in specialized course work and training.
- Two or more years of relevant banking experience or equivalent.
- General knowledge of banking laws and regulations (experience with regulatory examinations and Gramm-Leach-Bliley Act preferred).
- Experience with vendor management and project management is a plus.
- Exposure to bank related operations and products.
- Strong analytical and decision-making skills.
- Ability to conduct effective research and analysis, and clearly document supported conclusions and opinions.
- Excellent communication, interpersonal, and organizational skills. Must be able to multitask, act independently and make decisions.
- Project management experience a plus.
- Strong PC skills. Microsoft SharePoint a plus. Knowledge of Bank systems a plus.
Any physical demands or work conditions described below are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. Employees need to have the ability to:
- Travel independently to the position’s primary work location, other Bank properties, and work-related activities or events at locations outside the Bank.
- Effectively communicate and exchange accurate information and ideas so others will understand.
- Independently operate a computer and other office machinery, such as a calculator, copy machine, printer, and software programs related to the position needed to complete the primary functions.
- Sit or stand at a workspace and use a computer or other equipment for prolonged periods of time.
- Meet hybrid work schedule requirements for physically working in the office during normal business hours on Mondays, Wednesdays, and another day of choice to effectively meet business needs.
- Move office items weighing up to 35 pounds.
- Work in an environment with low to moderate noise levels.
SUPERVISORY SCOPE
None directly.
INDEPENDENT ACTION
Performs work independently within scope of established guidelines and practices. Consults with manager where clarification or exception to Bank policy may be required. Is able to take initiative and manage projects and program elements.
BANKNEWPORT CORE VALUES
- We celebrate individuality
- We empower employees to be creative problem solvers
- We invest and take the time to really get to know our customers
- We commit to serving the financial needs of Rhode Islander’s
Any physical demands or work conditions described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
BankNewport has a sales oriented culture to which all employees must adhere. It is expected that both internal and external customers be treated with competence, courtesy and concern. We must strive, as employees, to discover our customers’ needs and to determine and decide which product or service best meets those needs. Following a discussion, a solution should be developed to meet or exceed the customer’s expectations.