- Under the direction of the Information Security Director, develop strategies and plans to achieve security requirements and address identified risks.
- Assist in the development of security architecture and security policies, principles and standards.
- Gather, analyze and assess the current and future threat landscape, and assist in providing leadership with a realistic overview of risks and threats in the enterprise environment.
- Work with business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments.
- Perform security testing and vulnerability assessments to identify security strengths and weaknesses, to assess the effectiveness of existing controls, and to recommend remediation action.
- Perform incident management and response activities as a member of the bank’s incident management team. As required, assist in triage, response and mitigation, post-mortem analysis, and forensic analysis.
- Review audit trails, system logs and other monitoring data sources regularly and ensure they are in compliance with policies and audit requirements.
- Required to perform duties outside of normal work hours based on business needs.
- Assumes responsibility for other duties as required or assigned.
Skills and Experience
- In-depth knowledge of risk assessment methods and technologies.
- Proficient use of various tools and techniques, including risk, business impact, control and vulnerability assessments, used to identify business needs and determine control requirements.
- Excellent technical knowledge of Microsoft Windows operating systems and a wide range of security technologies, such as network security appliances, identity and access management systems, anti-malware solutions, automated policy compliance, logging and filtering tools, and desktop security solutions.
- Knowledge of network infrastructure, including routers, switches, firewalls and associated network protocols and concepts.
- Experience in system and application technology security testing, including static and dynamic code review, vulnerability scanning and penetration testing.
- Experience with IDS/IPS/SIEM and related security tools and technologies.
- Familiarity with router and firewall operations and maintenance.
- Ability to interact with personnel at all levels and across all business units / organizations, and to understand business imperatives.
- Strong knowledge of core internet protocols (e.g., TCP/IP, DNS, SMTP, HTTP).
- Experience working with security tools such as SIEM, vulnerability scanning, laptop data encryption, endpoint data protection, and application pen testing.
- Minimum Education Level: Bachelor’s degree in computer science, information assurance, MIS or related field
- Minimum Job Experience: 8+ years
- Language requirements: English (Written: Advanced, Verbal: Fluent)
- Computer/software skills: Advanced
- Required: 8+ years of experience in technology risk management
- Preferred: CISSP, CISM and/or SANS certification
The salary range for this full-time position is $140,000 – $150,000 + bonus + benefits.
Salary ranges are determined based on qualifications, level, and location.
Exact compensation may vary based on your skills and experience.
Bank of Hope is an equal employment opportunity employer and does not discriminate on the basis of race, color, gender, religion, age, sexual orientation, genetic information, national or ethnic origin, disability, marital status, veteran status or any other basis protected by federal, state, or local law.
Requisition Number: SRSEC005801
- Salary Offer: $140,000 - $150,000
- Address: Los Angeles, CA, USA
- Experience Level: Senior
- Total Years Experience: 5-10