Information Security Administrator

AmeriServ Financial Bank
Summary Objective
The Information Security Administrator (ISA) will protect the physical and information security of AmeriServ Financial, Inc. and all affiliate entities. The ISA will manage policy, procedure, and process to ensure the execution of the Company's Information Security and Business Continuity/Disaster Recovery (BC/DR) Programs and will back up and assist the CISO, as directed.
Essential Functions
  • Assist the CISO in maintaining the Company's Information Security Program.
  • Create and maintain Information Security and Business Continuity related procedures and processes.
  • Suggest policy and procedural updates based on regulatory guidance, changes in the AmeriServ environment, and emerging threats.
  • Oversee the Company's user access administration by reviewing, deciding on, and processing all new, transferred, and terminated employee access requests, in accordance with the IT key controls. This also includes tracking the temporary disablement of employees who are on leave.
  • Perform information security reviews of users and administrators and their appropriate access levels within applications, as per the user access/system review schedule annually approved by the Information Security Committee.
  • Perform System Security Controls (SSCs) reviews, as per the user access/system review schedule annually approved by the Information Security Committee.
  • Maintain the Required Blackout Policy by tracking all senior management and VPN users to ensure their compliance with the Policy.
  • Review daily reports and investigate and document anomalies and suspicious activity. Review real-time activity as time permits.
  • Be a member of and participate in the following Committees:
      • Information Security Committee (ISC)
      • Fraud Committee
      • BC/DR Planning Committee
      • Security Events Response Team
  • Assist the CISO in maintaining and executing a robust employee information security education and exercise plan. This includes phishing and social engineering tests.
  • Ensure that Business Continuity/Disaster Recovery (BC/DR) Plans are in place and participate in exercises as time allows. Maintain the mass communication system.
  • Work with the CISO and internal and external IT auditors in execution of Information Security-related audits. Work with the CISO to ensure remediation of audit findings.
  • Maintain a current understanding of the IT threat landscape for the financial services industry and work with the CISO to constantly update information security and business continuity strategies to leverage new technology and threat information. Ensure compliance with the changing laws and applicable regulations. Interface with peers (i.e. FS-ISAC, other FIS banks) to exchange information on emerging trends and successful practices.
  • Manage and review all documents that pertain to DLP (Data Leakage Protection) within the email system.
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.
Supervisory Responsibility
No supervision of employees.
Work Environment
This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.
Physical Demands
The employee is frequently required to: 1) type or otherwise work with fingers; 2) talk, expressing or exchanging ideas by means of the spoken word, including activities in which they must convey detailed or important spoken instructions to other workers or clients accurately, loudly, or quickly; 3) hear, perceiving the nature of sounds at normal speaking levels with or without correction, with the ability to receive detailed information through oral communication and make discriminations in sound. The job also requires operating a motor vehicle and the ability to adapt to environmental weather conditions as seasons change.
Sedentary work may occasionally require lifting up to 25 pounds and/or moving up to 30 pounds. This work involves sitting most of the time, with walking and driving.
Specific vision abilities required by this job include: 1) viewing a computer monitor; 2) extensive reading; 3) driving.
Travel
Minimal travel is required -- includes travel to company offices and occasional attendance at training or seminars.
Competencies
  • Strong Communication Skills (Written and verbal)
  • Strong Analytical Skills
  • Superior Computer Skills (including Microsoft Office and Internet)
  • Deadline Driven
  • Ethical Conduct
  • Principled Time Management
  • Composure Under Pressure/Stressful Situations
  • Ability to handle multiple projects/priorities simultaneously
Required Education and Experience
Associate degree in computer science, information technology, or a related field; Bachelor's degree is preferred. Relevant certifications (e.g. Security+) are highly desirable. Three (3) or more years of experience in a security-focused role; and three (3) or more years of professional experience in the banking industry is preferred.

Job Type
Full Time
Location
Johnstown, PA
