SUMMARY: We are looking for a Senior Cybersecurity Analyst to join our team and lead our efforts to protect our organization from cyber threats. As a Senior Cybersecurity Analyst, you will be responsible for designing, conducting, and overseeing controls testing and vulnerability management activities in line with NIST Cybersecurity Framework (CSF) and industry best practices to ensure the security and compliance of our cloud and on-premises systems and data.
ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties and special projects may be assigned.
Design and implement a comprehensive and risk-based controls testing program, derived from NIST CSF and NIST SP 800-53 (series) to evaluate the effectiveness and efficiency of security and privacy controls across the organization
Conduct controls testing and vulnerability scans on a regular basis to identify and remediate security gaps and weaknesses
Analyze and report on the results of controls testing and vulnerability management activities, and provide recommendations for improvement
Coordinate with internal and external stakeholders to ensure the timely and effective implementation of security controls and remediation actions
Monitor and respond to security incidents and events, and escalate issues as needed
Research and stay updated on the latest cybersecurity trends, threats, and best practices
Support the development and maintenance of security policies, standards, and procedures
Apply the NIST CSF to assess and improve the security posture of our cloud and on-premises environments
Evaluate and implement cloud security controls and best practices, such as those recommended by NIST, FedRAMP, CSA, CIS
Mentor and coach junior cybersecurity analysts and provide guidance and feedback
Lead and participate in security audits and assessments, and ensure compliance with relevant regulations and standards, such as NIST SP 800-53, ISO, PCI-DSS
Adheres to and complies with applicable, federal and state laws, regulations and guidance, including those related to anti-money laundering (i.e. Bank Secrecy Act, US PATRIOT Act, etc.).
Adheres to Bank policies and procedures and completes required training.
Identifies and reports suspicious activity.
EDUCATION
Bachelor's degree in cybersecurity, computer science, or related field, or equivalent work experience preferred
EXPERIENCE
4-6 Years years of experience in cybersecurity controls testing and vulnerability management required
KNOWLEDGE, SKILLS AND ABILITIES
In-depth knowledge of security frameworks and standards, such as NIST CSF, ISO, PCI-DSS High
Proficiency with security tools and technologies, such as firewalls, CASB, SIEM Medium
Expertise with scripting languages is desired Low
Strong analytical and problem-solving skills High
Excellent communication and interpersonal skills High
Ability to work independently and as part of a team High
Expertise with the NIST CSF and its core functions, categories, and subcategories High
Certification in cloud security, such as CCSK, CCSP is a plus at hire, mandatory after one year Medium
Certification in security auditing, such as CISA, CIA, or CRISC, is a plus Medium
Experience with cloud security concepts and solutions, such as identity and access management, encryption, logging and monitoring, etc. High
CERTIFICATES, LICENSES, REGISTRATIONS
Certification in cloud security, such as CCSK, CCSP, or AWS Certified Security, is a plus within 1-1/2 Years preferred
Certification in general Cybersecurity, such as CISSP, is a plus preferred
BankUnited is an Affirmative Action and Equal Opportunity Employer. BankUnited does not discriminate against individuals on the basis of race, creed, color, gender, religion, national origin, age, disability, veteran status, pregnancy, marital status, citizenship status, sexual orientation, gender identity, genetic information, or any other classification protected by applicable laws.