Job Description


We are a values-driven organization putting Relationships FIRST. EagleBank is focused on being Flexible, Involved, Responsive, Strong, and Trusted. By prioritizing meaningful connections with our customers, employees, and shareholders, we relentlessly deliver the most compelling, valuable service to our community. EagleBank (NASDAQ - EGBN) was founded to meet the financial needs of local business owners in Maryland, Washington DC, and Northern Virginia. With genuine connections, we provide custom financial solutions, local decision-making, and a deeply rooted dedication to the community.

EagleBank is committed to being a workplace of inclusion, equity, respect, and acceptance. We celebrate diversity and intentionally seek out opportunities to learn from one another’s experience. We believe employees are essential to the building of relationships and we prioritize investing in employee growth and wellbeing. Throughout your EagleBank career, our commitment is to provide you with a variety of competitive benefits, recognition, training and development, and the knowledge that your contribution adds value to the company and our community. Employee involvement is fostered through resource groups, mentorship programs, community service, and scholarship opportunities for continued education. With features including wellness discounts, healthcare premium sharing, employer funding in your HSA account, and 100% 401(k) matching up to 4%, we pride ourselves on the ways we support our internal relationships.

We understand the need to be creative and flexible when it comes to telecommuting and other alternative work arrangements. This position is eligible for our hybrid remote work program, which allows employees to work remotely two days a week. This position has flexibility in choosing which two days, in addition to Wednesday, will be worked in the Bournefield office located in Silver Spring, Maryland.


The Information Security Risk Assessor is a technical risk resource that works closely with business units and Vendor Risk Management. The role evaluates new projects and conducts periodic routine security assessments that adhere to the company’s security guidelines, information security best practices, and industry compliance requirements, and enforces the bank’s network and security policies. The focus will specifically be on supply chain risk analysis, where we will need to understand and evaluate the risk in the supply chain for both products and services. The documentation produced will highlight the control items and mitigation gaps as applicable.


  • Guide and assist in the implementation of sound and effective third-party risk processes across the enterprise for applications and services. Conduct information security assessments to identify security risks in third-party provided applications and services before they are implemented and to supplement the Vendor Risk Assessment efforts.
  • Work with EagleBank Risk and Vendor Management to design, implement, and manage core Third Party Risk Management (TPRM) processes to monitor, mitigate, and report on risk from ongoing third-party relationships, especially vendors and clients.
  • Provide an initial security assessment review report together with identified deficiencies, which will enable vendor management to sign off on product acquisition contract paperwork.
  • Conduct vendor risk assessments, reviewing vendor-provided reports like SOC1/SOC2/SOC3/ISO27001/CSA CAIQ/SIGs and other third-party assessment reports to comply with regulatory and contractual requirements.
  • Generate periodic reports to successfully monitor, mitigate, and report on risk from third-party relationships.
    • Help increase vendor productivity/performance
    • Ensure compliance with applicable legal/regulatory and contractual requirements
    • Drive continuous process improvement initiatives to maintain alignment with industry best practices
    • Improve existing strategies, operations review, oversight planning and reporting
  • Work with the application security engineer to supplement effort in the SDLC process for on-premises hosted applications and internally developed applications.
  • Escalates issues to manager, information security, enterprise risk and teams as appropriate.
  • Works with managed network vendor, IT Project Manager, or IT Network Administrator to resolve problems, evaluate new solutions, recommend changes, and investigate incidents.
  • Reviews vulnerability announcements from vendor, US-CERT and FS-ISAC advisories.
  • Provides weekly security status report.
  • Other duties as assigned.



  • Bachelor’s Degree in a related field.
  • 1 year of experience as an information security risk assessor.
  • Basic understanding of information security policies, standards, industry best practices, and frameworks.
  • Some familiarity reviewing SOC1 and SOC2 Type I/II reports.
  • Some ability to document and explain risks and vulnerabilities to both business and technical stakeholders.
  • Some technical knowledge of third-party risk principles and processes, including up-to-date knowledge of current technology solutions, including cloud and hybrid third-party solutions.
  • Ability to work extended hours, when necessary, to support operational requirements.
  • Availability for participation in on-call rotation.


  • 3+ years of IT work experience.
  • Certification in information security such as CAP (new name: Certified in Governance, Risk & Compliance).

Don't meet all the requirements? We encourage you to still apply if you think you are the right person to join our community. We are always interested in connecting with people inspired by our mission and values. If you aren’t hired for this position, your resume will remain available for the next year and might be considered for future openings. Note: You can update your resume as often as needed.

Application Instructions

Please click on the link below to apply for this position. A new window will open and direct you to apply at our corporate careers page. We look forward to hearing from you!

Apply Online