Senior Information Security Analyst 

This role is responsible for the implementation, maintenance, and enforcement of Information Security Program requirements as part of the Enterprise Risk Management Team. The incumbent will work with internal and external parties to ensure that processes and procedures effectively identify and protect, with appropriate response and recovery as needed.

Essential Functions:

  • Implement and monitor information security requirements, policies, and compliance for the company, including SIEM, scan, and other tools for risk mitigation and data loss prevention, escalating any security issues.
  • Participate in and/or conduct risk assessments, audits, and IT security/cybersecurity exercises to ensure the Information Security Program is identifying, protecting against, and detecting threats to data, applications, infrastructure, cloud, 3rd parties, customers, and vendors, documenting risks, controls, and acceptance/mitigation strategies for the company.
  • Provide remediation tracking for SOC/NCUA/state audits, external audits, and internal vulnerability scanning.
  • Maintain and update the Technology Policy Manual, ISP methodology and documentation, and Policy Exception Listings.
  • Generate meaningful IT Security metrics and analytics that show security trending and threat management.
  • Effectively communicate data and results verbally and in reports on a regular basis to colleagues and the Management Team regarding the status of our security environment, vulnerabilities, and/or the current state of our systems.
  • Assist colleagues with researching and understanding information security management objectives.
  • Analyze security incidents and breaches to identify the root cause and how to prevent future occurrences.
  • Evaluate and recommend new and existing technologies and countermeasures against threats to information or the ecosystem.
  • Assist with development and manage delivery of information training programs and periodic security audits, both internal and external.
  • Assist with Vendor Due Diligence and Vendor Risk Management reviews, documentation collection and evaluation, contract reviews, and related tasks, and make recommendations for further activity.
  • Technical project lead for Information Security initiatives.
  • Work with the Assistant Vice President – Business Continuity on emergency recovery procedures to develop security plans as part of the recovery process. (A)
  • All other technical and administrative duties that may be assigned as necessary to fulfill the obligations of the position.

Preferred Skills/Knowledge:

  • Minimum of 5 years’ experience in IT security and compliance. IT security certifications preferred, such as CISA, CGEIT, CISSP.
  • Experience with Information Security Regulations such as GLBA, NIST, PCI-DSS, and FFIEC.
  • Knowledge of financial service organization IT and Business auditing control requirements.
  • Excellent communication skills to convey information effectively and efficiently to peers and management.
  • Exceptional organizational skills necessary for prioritizing and managing varying responsibilities and workloads.
  • Ability to work independently and as part of a team within a challenging and diverse environment.
  • Ability to adapt to changes and adjust priorities in changing conditions.
  • Ability to learn new concepts and skills to continually expand knowledge base and advance with industry changes.
  • Ability to apply critical thinking skills to solve problems by generating, evaluating, and implementing solutions.
  • Willingness to work and seek out new work challenges.

To learn more about one of Maine’s Best Places to Work, please visit To apply, please submit a resume and cover letter including salary requirements to We look forward to hearing from you!