"Alerted.org

Take the next step toward your new career today!

Become a part of the diverse and inclusive team within our nationally recognized award-winning Bank that is one of the strongest in the nation. Woodforest National Bank is privately owned, and our Employee Stock Ownership Plan is the largest shareholder. We focus on building relationships and discovering opportunities to better serve our communities and understand the financial needs of every customer we serve. At Woodforest we care and prove it by volunteering with local charities and foodbanks to give back to the communities we serve. By joining Woodforest you will become a part of one of the largest employee-owned banks in the country!

The Information Security Analyst Lead (ISA Lead) is responsible for analyzing information security systems and applications. The ISA Lead recommends and develops security measures to protect information against unauthorized modification or loss; monitors, evaluates, and maintains systems and procedures to safeguard internal information systems, network, databases, and web-based security. Also, conducts vulnerability assessments and monitors systems, network, databases, and web for potential system breaches. May oversee internal or external systems security (i.e., cloud services).

Key Responsibilities:

• Compliance:

• PCI - Work with external PCI QSA and multiple internal teams responsible for providing updated policies, evidence for PCI requirements. Achieve annual Report on Compliance (ROC).

• Ensure compliance with other regulations and privacy laws as applicable.

• Vulnerabilities:

• Lead vulnerability assessments, monitor systems, and ensure critical and high vulnerabilities are tracked, managed, and remediated within the documented SLA’s. Determine an action plan to reduce vulnerabilities and document exceptions based on risk acceptance.

• Breach and Attack Simulations:

• Lead team on developing, establishing, and analyzing threat simulation efforts to ensure deployed security solutions are being effective.

• Assist team in ensuring findings are valid and actionable by ensuring cross team collaboration.

• Control Monitoring:

• Monitor, evaluate, and maintain systems and procedures to safeguard internal information systems, network, databases, and Web-based security.

• Respond to alerts from information security tools. Report, investigate and resolve security incidents.

• Educate and communicate security requirements and procedures to all users. Participate in developing or updating Security related training.

• Research:

• Security trends, new methods, and techniques used in unauthorized access of data to preemptively eliminate the possibility of system breaches.

• Contribute to annual review of policies and assist in keeping policies current.

Competencies Required:

• Exceptional verbal communication and technical writing skills with an ability to effectively interact with and convey information to people who possess varying levels of understanding on applicable topics.

• Knowledge of security controls, data ownership and classification, threat management, and risk management.

• Solid understanding of information security practices, systems, and standards.

• Strong technical and troubleshooting skills with broad knowledge of Microsoft Office, Windows operating systems, networking, server administration and virtualization.

• Interpersonal skills to effectively manage relationships with other teams and departments.

• Advanced understanding of various network systems and related security applications.

• Strong organizational and project management skills with the ability to manage timelines and prioritize workload.

• Self-starter with the ability to work independently while supporting a team environment.

• Ability to work from a directive with little or no supervision; minimum rework required by supervisor.

• Intermediate understanding of assessing, utilizing, supporting, and maintaining logical and physical security architectures and technologies including but not limited to IPS/IDS, firewall, SIEM, VPN, anti-virus, email, web, data, video, physical access control hardware and related operating systems & supporting software.

Minimum Qualifications/Experience:

• 7 years’ experience as an Information Security Analyst required.

Formal Education & Certification:

• Bachelor’s degree in Information Systems, Computer Science or a related discipline preferred, or an equivalent amount of directly related work experience.

• One or more of the following certifications is preferred:

• Certified Information Systems Security Professional (CISSP)

• Certified Information Security Manager (CISM)

• Certified Information Systems Auditor (CISA)

Work Status:

• Full-time.

Supervisory Responsibility:

• None.

Travel:

• Less than 10% - travel expected.

Working Conditions:

• Conditions involve lifting no more than ten pounds, sitting most of the time, but may involve walking, moving, or standing for brief periods, and occasionally lifting and carrying articles like files, ledgers, folders, etc.

Disclaimer:

This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Nothing herein restricts management’s right to assign or reassign duties and responsibilities to this job at any time.

Woodforest is an Equal Opportunity Employer, including Disability and Veterans.

**Job:** **Technology Services*

**Organization:** **Texas - Houston*

**Title:** *Information Security Analyst Lead*

**Location:** *Texas-The Woodlands*

**Requisition ID:** *070026*