Systems/Application Security Analyst, Sr. jobs in Orlando, FL

As a leading regional bank, SouthState has been providing financial solutions to individuals, families, and businesses in the Southeast for more than 100 years. SouthState team members strive to create remarkable experiences while building meaningful and lasting relationships. We are proud to be a reflection of the communities we serve, and our team members share core values that make SouthState a great place to bank, and a great place to work.

SUMMARY/OBJECTIVES

It is the responsibility of the Info Sec Senior Compliance Analyst to take ownership of all tasks and challenges that they encounter in the operation of their assigned position. This role will be responsible for managing and reporting on compliance with Bank policies and standards pertaining to information security and/or related to the processing, storing, accessing, hosting, and/or transmission of Bank data. Responsible for identifying risks related to information system resources and processes used across the business. Utilize a GRC platform to monitor, track, and report on issues. Utilize collaboration platforms such as SharePoint to monitor, track, and report on exceptions. Analyze competitive strategies, cyber technologies, metrics models, and performance indicators. Contribute to robust and innovative strategic solutions. Assists in identifying, analyzing, and influencing compliance with applicable regulatory and governance frameworks. Actively manages and escalates non-compliance and customer-impacting issues within the day-to-day role to management.

ESSENTIAL FUNCTIONS

• Document and analyze compliance deficiencies in RSA Archer and/or the Bank's Exception Management SharePoint site
• Monitor, track, and report on issues using the Bank's GRC platform RSA Archer
• Monitor, track, and report on exceptions using the Bank's Exception Management SharePoint site
• Track remediation efforts associated with issues and exceptions through tickets logged in the Source
• Collaborate with stakeholders and owners to gather timely updates on remediation items
• Enhance the maturity of reporting on exception and remediation status' to relevant stakeholders
• In Archer, and elsewhere, assist in the development of risk tables and the associated control tables to measure compliance with Bank standards
• Monitor, track, and report on the documentation of Security Plans for Bank applications.
• Evaluate the compliance of physical, technical, and administrative controls that safeguard the Bank's data and information system resources
• Responsible for evaluating internal and third party documentation pertaining to information security and ensuring compliance related to the processing, storing, accessing, transmission, and/or hosting of Bank data
• Analyze competitive strategies, cyber technologies, metrics models, and performance indicators to influence reporting
• Acts as a senior advisor to management and executive leadership
• Works closely with business analysts, engineers, and architects to ensure compliance with published standards
• Maintain an understanding of organization wide objectives, interactions, issues and risks
• Develop, implement, and mature existing processes to meet the size and complexity of the Bank's environment that also support internal requirements within internal standards
• Continuously update skills by participating in professional training
• Seek opportunities to improve skills through cross-training offered by the Bank
• All other tasks, responsibilities, or duties, as directed.

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

COMPETENCIES

• Demonstrate a clear understanding of standards, security controls and compliance frameworks.
• Experience with cybersecurity frameworks such as NIST SP 800-53, ISO/IEC 27000 series, CIS, DISA STIG, COSO, and COBIT
• Experience with laws and regulations such as PCI, SOX, HIPAA, GLBA, FFIEC, etc.
• One or more relevant professional certification, such as Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk Information Systems Control (CRISC) or must be able to obtain and maintain an industry recognized certification within one year of hire
• Advanced knowledge of Microsoft Office Word, Excel, Outlook, and other commonly used software
• Possess effective listening skills demonstrated by the ability to listen to others talk (without interruption), understand them, and then propose solutions or make contributions based on the points made by others
• Must be able to make work independently and make sound decisions, recognize potential problems, and take corrective action.
• Demonstrated time management skills, managing multiple assignments, and adhering to deadlines
• Pro-active, self-starter, takes initiative, ambitious and works independently
• Excellent Written, verbal and supervisory skills
• Results oriented and driven

Qualifications, Education, and Certification Requirements

• Education: Bachelor's degree in Information Security, Computer Science, Business, or similar related experience
• Experience: 3 years experience in Information Security principles, practices, and technologies with a focus on experience using a GRC platform such as Archer. At least 3 years of combined experience in risk management, information security, information technology compliance or security. At least one year of having a primary responsibility related to managing and overseeing a project.
• Certifications/Specific Knowledge: Foundational knowledge and understanding of network diagrams, data flows, and secure protocols.

TRAINING REQUIREMENTS/CLASSES

Required annual compliance training, New Employee Orientation

PHYSICAL DEMANDS

Must be able to effectively access and interpret information on computer screens, documents, reports, and cash denominations, and identify customers. This position requires a large amount of time in front of a computer. This can be done sitting or standing with use of the right desk. This position may require bending and reaching.

WORK ENVIRONMENT

For telecommuters or hybrid: Telecommuting roles no matter if hybrid or 100% full time telecommuting must have a secure home office environment that is free from background noise and distractions. They must also have a reliable private internet connection that is not supplied by use of cellular data (hot spot). Cable or fiber connections are preferred. Requirements are subject to change, as new systems and technology is delivered.

TRAVEL

Travel may be required to come to meetings as needed.