Information Security Analyst II - Hybrid

Indianapolis, IN, United States

Don't let our name scare you, we are not your average bank.

With nearly a century of service, FHLBI is one of 11 independent regional cooperative banks across the U.S. Simply put, we're a bank for banks, credit unions, community development financial institutions and insurers across Indiana and Michigan. As a cooperative, we are dedicated to strengthening communities throughout our region.

But enough about us, let's talk about you.

Are you looking for a company that views their employees as their greatest asset?

A company that's dedicated to making a difference in the community? So much so they pay their employees to volunteer?

Do you want to join a talented workforce that prioritizes diversity, equity and inclusion, and promotes learning and development, unique skills/ideas, and employee engagement?

If you've said yes to these questions, then we might be a match!

Here is what we offer:

Flexible hybrid workforce model: Onsite three days a week and two days remote. We also offer five fully remote weeks per year!

Fantastic, competitive pay and total rewards

Industry-high 401(k) match: up to 6% PLUS...an additional 4% contribution!

Tuition reimbursement assistance: To help you continue to develop personally and professionally.

Student loan repayment assistance: That's right, we will help you repay outstanding student loans!

Awesome Benefits Package: Medical, dental, vision benefits and even pet (you read that right) insurance!

Generous time off: Vacation, paid federal holidays, birthday month floating holiday, volunteer day and summer hours program

"Dress for your day" dress code: You choose the appropriate work attire based on what your day looks like.

Purpose :

The Information Security Analyst II works within the Information Security Governance team and closely with Bank management and members of the Information Security Department to execute a Bank-wide information security management program. This position is responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. This position also is responsible for information secuirty awareness and training, evaluating third party secuirty risk, user access management certifications and data classification certifications.

The following statements are intended to describe the general nature and level of work being performed by persons assigned to the job. They are not intended to be an exhaustive list of all responsibilities or abilities required of persons so classified. The Bank reserves the right to alter or amend this description at any time.

Specific Responsibilities : Monitor the effectiveness of the Bank's enterprise information security management program to ensure that the integrity, confidentiality, and availability of information that is owned, controlled or processed by the organization. This includes monitoring and creating metrics, key risk indicators, management action plans, and other reports to identify risks and breakdowns in processes and/or controls in addition to evaluating the effectiveness of management action plans.

Assist with the development, training, and dissemination of security policies.

Execute training and awareness campaigns in alignment with the Information Security Training Plan.

Assist with Identity governance and access management tool implementation for user access certifications.

Perform the information security vendor due diligence process in support of the Vendor Management Policy.

Manage the maintenance and updating of the data classification schedule to ensure accuracy and completeness of the inventory.

Identify incidents through monitoring of the Bank's Data Loss Protection systems.

Identify non-compliance through monitoring of the Bank's user access activities.

Assist in identifying Information Security control gaps.

Collaborate with the Bank's second and third line of defense as needed.

Competencies :

Business Job Knowledge

General Decision Making/Judgment

Dependability

Productivity

Integrity/Ethics

People Communication

Teamwork

Interpersonal Skills

Listening Skills

Unique Competencies: Intelligence Gathering - Utilizes cyber intelligence methodology to gather data and share that information with others.

Analyze security information - The ability to review and independently assess outputs from security reports and make independent recommendations to Bank management.

Position Requirements: Bachelor's degree in information systems, information security or equivalent work experience.

Three years minimum prior experience in information security, information systems audit, information systems risk management, information technology or other related positions.

Achieved or are in pursuit of Information Security Certifications such as COMPTIA Security +, CISA (Certified Information Systems Auditor) CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional) or CRISC (Certified in Risk and Information Systems Control) or GIAC SANS certifications or equivalent are preferred.

Understanding of current Information Security theory, frameworks and industry best practices. Knowledge of CIS Controls a plus.

Prior experience with managing phishing simulation campaigns and training. KnowBe4 knowledge a plus.

Strong verbal and written communication and presentation skills, including the ability to interact with all levels of staff in a professional/tactful manner.

Knowledge and experience in information security risk management performing information security risk assessments or third-party risk assessments, standards and practices. Prior experience with governance, risk, and compliance software such as LogicManger a plus.

Ability to consistently meet deadlines while simultaneously managing multiple projects.

Ability to create, edit, format, and publish documents in Microsoft Office Products.

Must not have been convicted on any civil or criminal charge that would suggest a risk to Bank security.

Ability to work full time.

Ability to uphold and model the Bank's Guiding Principles.

FHLBank Indianapolis is an Equal Opportunity Employer.