Information Security Associate in Lynn, MA at Eastern

Date Posted: 7/18/2020

Job Description

When you join Eastern Bank, you join the largest and oldest mutual bank in the country. We pride ourselves on having knowledgeable and experienced professionals who can provide the expertise, personal attention and service our customers deserve.

As the fourth-largest full-service commercial bank in Greater Boston, we are able to offer you unique opportunities for career growth throughout the organization, as well as a competitive compensation and benefits program.

As an inclusive company, we work to ensure that our valued employees are treated fairly, recognized for their individuality, and encouraged to reach their fullest potential. These values have earned us a reputation as a great place to work and provide a strong reason why you should consider a career with us.

This position is responsible for developing and collaborating across divisions to implement Eastern Bank’s Information Security program. The primary goal of the program is to protect the confidentiality, integrity and availability of information resources while aligning to business goals and objectives. 


•Maintain Information Security policies and procedures, ensuring adherence by engaging cross-functional organizational stakeholders in periodic policy review and changes. 
•Monitor external threat landscape for changes and ensure that security practices and programs adequately address changing dynamics.
•Conduct periodic user access reviews to ensure effectiveness of identity and access management program and practices.
•Assist in the delivery of a Bank-wide information security education and awareness program, ensuring that broad-based enterprise awareness objectives are met.
•Interface on a regular basis with technology departments to provide security architecture recommendations for improving configuration standards.
•Provide information security subject matter expertise in bank technology project meetings. 
•Lead security risk assessments of Bank and third-party technology platforms and document findings/risks.
•Document and manage life cycle of critical cyber incidents.
•Provide oversight of the Bank’s vulnerability management program.


•Excellent communication skills, including ability to present to senior leadership and get buy-in from internal stakeholders. 
•Experience in performing risk and technology assessments.
•Effective written and oral communication skills. 
•Experience in the oversight and execution of a continuous monitoring and improvement program including security control assessments.
•Strong technical, organizational and administrative skills.
•Makes recommendations to manager on decisions of a complex, multifaceted nature.
•Independently drives and coordinates solutions to complex matters.

Job Requirements

Education and Experience:

•3-5 years of experience in delivering or managing information security services, policies, standards, and programs.
•BS in Management Information Systems, Computer Information Systems, Information Technology, Information Assurance, or Information Security, or an equivalent combination of training and experience.


•Security-related professional designation preferred: CISSP, CISM, CISA certifications
•Deep understanding of information security threats, risks, processes, and controls 
•Proficiency with current and emerging technology architectures including: Windows, Linux, Networking, public cloud architecture, virtualization, security technologies, etc.
•Proficiency with application development and testing 
•Basic understanding of security frameworks, such as CIS CSCs, NIST CSF, and ISO 27001
•Identifying key risks and controls, recommending improved controls, performing controls readiness projects, and identifying and assessing configuration of controls in IT infrastructure (security, change management, operations, and program development).