Information Security Specialist

Under general supervision, conducts information security technical tasks and monitoring activities in accordance with bank policies. Provide management with status reports, work on development and enhancement of security projects with some supervision/direction. In addition, monitor and control the IT Security infrastructure for the business units, identifying, mitigating and controlling risk by ensuring compliance with agreed rules and standards.

Duties & Responsibilities

• Deliver IT security activities in order to ensure customers are provided with a high quality cost efficient service in line with agreed business plan and standards.

• In depth knowledge of security tools such as log aggregators, firewall, proxy, DLP, and others.

• Manage the monitoring and controlling of infrastructure data through the implementation of agreed rules and standards within the business unit to effectively mitigate and control data security.

• Ensure appropriate checks, risk/vulnerability assessments, and penetration tests are conducted on a regular basis in order to identify potential security risks/vulnerabilities, malware and security breaches and where appropriate find solutions, escalating as necessary.

• Technical knowledge in IT architecture, web applications, and networking.

• Contribute to reviewing the design, development and specification of new/redesigned processes, systems, information, documentation and supporting materials producing reports summarizing findings, ensuring that consultation with customers has been undertaken to ensure that their requirements are fully understood and met.

• As directed, support the timely and accurate delivery of security projects and initiatives ensuring these are within specification and budget costs.

• Responsible for understanding and complying with all bank policies/procedures/standards and governmental rules and regulations that apply to his/her job.

• Monitor user activity regarding application and system security such as expired passwords, administrative/power user activity, dormant user accounts and any other elements that is in line with the banks security administration.

• Conduct routine security administration housekeeping and/or maintenance for all systems and banking applications. Effectively review and report any instances where policy and/or standards are compromised to management.

• Communicate instances where users are not complying with bank policy(ies) and ensure issue(s) are remedied in a timely manner.

• Contribute and implement new and innovative processes or technologies that will help move the Information Security program forward.

• Keep abreast of current and emerging technical information security developments including relate federal and state laws and accreditation requirements.

• Maintain confidentiality of enterprise information including specified security elements and controls.

• Effectively work with IT, Audit, Internal Controls, Head Office and other groups as required.

• Operating system technical knowledge from the information security perspective.

• A thorough understanding of the organization's technology and IT systems.

• Planning, researching, and designing security architectures.

• Testing the final security system and updating and upgrading it as needed.

• Responding quickly and effectively to all security incidents and providing post-event analyses.

• Monitoring and guiding the security team, cultivating a sense of security awareness.

• Remaining up to date with the latest security systems, standards, authentication protocols, and products.

• Drive continuous improvement of all security processes, policies, standards, and procedures across the enterprise.

• Compliance with Anti-Money Laundering and Bank Secrecy Act related principles, laws, rules and regulations, as well as Itau's related policies and procedures.

Qualifications

• Bachelor Degree on Computer Science or equivalent

• Master’s Degree is a plus

• At least 7 years of work experience in a Security Analyst or similar role

• CISA, CISM, or CISSP certification is desirable

• Knowledge of financial services industry regulations such as GLBA/FACT Act/NIST Framework/DORA

• Spanish and/or Portuguese proficiency is desirable