Information Security Analyst I

Cenlar is the nation’s leading mortgage loan subservicer. Our unique culture is defined by our core values of respect, trust, integrity and care. A promote-from-within philosophy, and opportunities for continuous professional growth make Cenlar a great place to launch or boost your career.

The Information Security Analysts support the Corporate Security Program in achievement, maintenance, and oversight of best practice and industry standard physical, cyber, and logical controls on all Cenlar computing resources.  The Analysts may support Cenlar's technical information security program including routine operational tasks, as well as security projects and technical security analysis needs. The Analysts assist in security assurance around company’s use of third-party service providers and the appropriate transparency of company’s technology and security control functions externally.   This position ensures the on-going security control activities occur as defined, are operating effectively, and maintains evidence of compliance with the controls (RCSA, SOC, IA, OCC guidance, best practices).

Responsibilities:

Security Program

• Performs independent assignments to complete established initiatives with a high degree of quality by defined due dates
• Runs defined program-level functions, such as Access Governance (entitlement reviews), analysis of non-SSO web apps for SAML, flat file exports, supports efforts to implement SAML where feasible, pen testing, and Issues Tracking 
• Ensures the execution of and adherence to CSO and IT policies and standards
• Identifies potential risks and issues at operational and project levels and raises to Director
• Gathers and analyzes requirements, use cases, recommends automation of manual processes supporting key controls, and implements reliable systems and processes to achieve deliverables
• Works with project teams, and executes tasks effectively

Security Assurance

• Assists in the Corporate Security Office (CSO) in compliance review engagements focused on or conducted by external entities, including vendors, clients, regulators, rating agencies and internal/external auditors
• With regard to vendor-focused compliance reviews, assists in vendor due diligence process around the assessment of vendors in regard to technology and security controls as well as the vendor’s capabilities and controls around business continuity and disaster recovery
• With regard to client-focused reviews, assists in gathering information required by clients in support of Cenlar’s client due diligence efforts by providing necessary information and documentation prior to, during, and following each client review engagement
• Establishes clear performance objective and strives to meet objectives within agreed timeframes, budgets or service levels
• Ensures compliance with company policies, procedures and regulatory requirements, and the accuracy and reliability of company data; and to confirm the adequacy of implemented security controls and help identify necessary improvements
• Assists in monitoring objective and ensuring that Service Levels are Maintained
• Assists in developing cost/benefit analysis or justification for any new Corporate Security expenditures as related to security assurance
• Assists in Vendor Security Assurance to include the following:
  • Maintains the vendor due diligence process and framework in alignment with corporate Vendor Management program
  • Assists in reviewing and improving the vendor security assessment questionnaire and related processes
  • Assists in conducting assessments, including on-site visits, whether initially for new potential vendors or on an ongoing basis, minimally annually, for existing vendors
  • Assists in evaluating information, questionnaire responses and third-party reports
  • Assists in developing the vendor security assurance program tools and a scorecard to be updated and presented either monthly or, at minimum, quarterly

Technical Security

• Completes assigned tasks designed to ensure the security of the organization's systems and information assets and protects against unauthorized access, modification, or destruction
• Works within the Corporate Security Office and with end users to determine needs of individual departments in order to implement policies and procedures, and assist in tracking compliance through the organization
• Performs proactive analysis of the security environment to reduce the risk of systems compromise through unauthorized entry and/or activities performed by either external individuals or Cenlar associates
• Monitors firewalls and intrusion prevention systems, system logs, and other systems for security related events on a regular basis, looking for signs of abuse or misuse
• Assists in the investigation of anomalies and response to confirmed security incidents in line with incident response policies and procedures
• Monitors security newsgroups, mailing lists, and postings for information on potential intrusions or security weaknesses where adjustments to the information security controls are warranted
• Stays current on security technologies, techniques, and possible threats to Cenlar
• Conducts assigned risk assessments or audits of existing or new systems to document areas of deficiency, opportunities for improvement and potential financial impacts.  Works to implement improvements
• Completes all assigned project tasks in accordance with project requirements and deadlines
• Works with external audit or assessment teams to identify security related exposures for purposes of general controls improvement or obtaining or maintaining ratings or certifications
• Utilizes security and vulnerability assessment tools internally and externally to identify network security weaknesses in order to recommend network or operating system enhancements
• Supports penetration testing and/or vulnerability assessments of Cenlar systems to ensure that suspected or real vulnerabilities are identified, prioritized and remediated
• Appropriately assess risk when business decisions are made, include but not limited to compliance and operational risk. Demonstrate consideration for Cenlar’s reputation as well as our clients, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues, as well as effectively supervise the activity of others and create accountability with those who fail to maintain these standards.

Qualifications:

• Bachelor’s degree or equivalent experience
• Master’s degree or professional certifications such as CISSP, CISM, GCIH, Encase preferred
• A minimum of 1 to 3 years direct job experience in Financial Services, preferably mortgage servicing or originations, in the areas of Information Security, Information Technology, Risk& Compliance, Audit, Privacy
• Knowledge of commonly-used security concepts, practices, and procedures Familiar with concepts of access controls
• Primary focus is on defined deliverables, while at the same time developing knowledge of the broader context and value of the deliverables in support of strategic direction
• Experience or familiarity with Internet protocols, services and languages (TCP/IP, Telnet, FTP, HTML), MS-Windows, MS-Office, Linux, MS-SQL or other DBMS’s, Visual Basic, C++/ C#, Powershell and/or other development or scripting languages
• Familiarity working with internal auditors, external regulators and external auditors very desirable
• Critical thinker with the ability to detect issues and engage in problem solving
• Strong communication skills with the ability to clearly articulate details. Must possess strong documentation skills for drafting and creating: policy, procedure, guidelines, and standard

Total Rewards:

At Cenlar, you’ll receive an outstanding benefits package that includes paid medical, dental, and life insurance, 401(k), and tuition assistance as well as opportunities for training and professional advancement.

Cenlar is a drug-free workplace and an equal employment opportunity/affirmative action employer M/F/D/V/SO.