Information Assurance Analyst

Job Purpose & Scope

Administers and helps implement multiple programs within Information Security to include security awareness and training, identity access management, and governance and compliance.

Essential Job Functions

1. Assists in the Security Awareness & Training Program efforts by working closely with lines of business (LOB) to help identify top risks related to employees that may lead to compromise and exfiltration of sensitive information; provides and requires additional training that includes acceptable use and consequences of non-compliance.
2. Assists in resolving service desk security emails and escalates security incidents by coordinating and collaborating with the SOC (Security Operations Center), Help Desk, IT, Risk teams and LOBs to remediate identified risks and vulnerabilities, as necessary.
3. Assists in the Identity Access Management Program efforts by serving as IDAM System Analyst and completes daily processing, upkeep, configuration, and operation of the IDAM System.
4. Conducts User Access Reviews (UARs) for critical, SOX and GLBA covered applications and others, as deemed appropriate.
5. Interfaces with both internal and external auditors and examiners.
6. Serves as an additional information security team member, aiding in incident response (IR) with the IR and SOC teams.
7. Works independently and collaboratively to identify information security risks and improve the overall security posture of the organization.
8. Evaluates, tests, and documents security solutions and controls, and collaborates with other internal security experts and departments to ensure the protection of sensitive information.
9. Regularly exercises discretion and judgment in the performance of essential job functions.
10. Maintains good punctuality and attendance to work.
11. Follows Bank policy, procedure, and guidelines.

Knowledge, Skills & Abilities

1. Knowledge of information security risks, vulnerabilities, regulatory and legal changes, and security standards.
2. Knowledge of various regulatory requirements and laws such as, but not limited to, Payment Card Industry (PCI), Federal Financial Institutions Examination Council (FFIEC), Sarbanes-Oxley (SOX), and Gramm-Leach-Bliley Act (GLBA).
3. Knowledge of principals of cloud, network and endpoint security, current threat and attack trends, and security principals.
4. Ability to communicate effectively both verbally and in writing.
5. Ability to demonstrate initiative to accomplish work objectives.
6. Ability to demonstrate effective organization, critical thinking, analytical, and problem-solving skills.
7. Ability to troubleshoot and resolve complex issues.
8. Ability to manage multiple priorities and projects with exacting deadlines.
9. Ability to work effectively and demonstrate flexibility in a continually changing environment.
10. Ability to maintain confidentiality.
11. Ability to maintain attention to detail.
12. Ability to demonstrate effective time management skills.
13. Skill in monitoring, researching, classifying, and analyzing security events that occur throughout the environment.
14. Skill in using computer and Microsoft Office, including Outlook, Word, Excel, and PowerPoint.

Basic Qualifications

1. High school diploma or equivalent required; bachelor's degree preferred.
2. Minimum of one (1) year of experience in IT or information security, including experience with security awareness and training, identity access management, information systems compliance and controls, or other commensurate information assurance work experience, required.
3. Certification in Security+, GSEC, SSCP, etc., preferred.

Job Expectations

Job Expectations: Operate customary equipment and technology used in a business environment, with or without accommodation.

Note: This description is not an exhaustive list of all job functions, duties, skills, and job standards required. Other job functions, duties, skills, and standards may be added. Management reserves the right to add or change the job requirements at any time.

#dnp

EEO Statement

Bank OZK is an equal opportunity employer and gives consideration for employment to qualified applicants without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, disability status, protected veteran status, or any other characteristic protected by federal, state, and local law. Member FDIC.