Information Security Analyst (Remote)

Job Title: Information Security Analyst

Job Type: Full-Time/Contract - 2 years (renewable)

Location: Barbados (Remote)

Role Summary:

Working collaboratively with the Information Security team and third-party service providers, the Information Security Analyst will contribute to the protection of the Banks information assets. The incumbent will assist in identifying and analysing security anomalies and applying mitigating actions as instructed by management. The Analyst will also assist in the management of information security risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes.

The incumbent will assist with the embedding of policies, standards and procedures related to the effective management of the Banks security posture and will assist in the execution of security tests, risk assessments, exercises, simulations, initial investigation of security breaches, user training and other security activities as deemed necessary. The Analyst will be part of a team of information security professionals working closely with server and network operations to ensure stability of the Banks information security posture and may also be required to liaise with internal and external auditors and assist in audit reviews throughout the year.

Key Responsibilities:

Governance and risk management:

• Supports the manager with the completion of IT risk assessments, including information security assessments (ISAs), threat risk assessments (TRAs), vulnerability scans, penetration testing, etc., follows up on open issues, validates completion of agreed mitigating tasks and other related tasks as requested by the manager

• Assists with the validation of identified vulnerabilities as directed by manager

• Monitors compliance of information security policies and standards as requested by the manager. Raises incidents of non-compliance / adherence with the manager and / or relevant parties to ensure resolution and learning

Incident and problem management:

• Assists with the collection and evaluation of information required to investigate and remediate, as necessary, alerts received from the onsite security tools and third party providers of information security services, e.g. IBM ISS.

• Immediately informs manager of all critical events identified

• Compiles all required information for further investigation of identified incidents

• Provides incident response support, including assisting manager with mitigating actions to contain activity

Secrets management, as directed by the manager:

• Assists with requests for new / modified security profiles; reviews requests to ensure completeness and prepares draft profiles for review and approval by manager

• Assists the manager with the maintenance of the security matrices; researching changes to users authentication with the application owners and confirming the results of the security matrices tests.

• Assists with processing requests for certificates, tokens and keys; reviews requests to ensure completeness and prepares responses for review and approval by manager

General:

• Collects and collates data for the generation of key performance indicators and key risk indicators, as requested by manager

• Assists with the testing of new computers, software, switch hardware and routers before implementation to ensure security posture is maintained. This includes running vulnerability scans and running configuration compliance (hardware / databases / operating systems, etc.), scans and escalating significant issues to be addressed to responsible managers.

• Reviews and actions security compliance alerts within service level agreement (SLA) to ensure that anomalies / vulnerabilities are escalated / mitigated.

• Other tasks that may be assigned by manager

Application and Cloud Security:

• To ensure application code implemented meets the established secure code standards and the cloud deployments are secured, thus mitigating the risk of unauthorised access to the bank and customers data:

• Assists, as instructed, with application security testing, coordinates tests with third party providers, and ensures that results are logged within applicable systems.

• Undertakes cloud security tasks as assigned by the manager, coordinates tests with third party providers, and ensures that results are logged within applicable systems