At OceanFirst Bank, each one of our employees plays an important role in delivering value to our customers and executing daily tasks in accordance with our core values. We recognize that our employees are essential to our success, making OceanFirst a great place to work and do business.
Great benefits include: on-site fitness facility at Red Bank and Toms River headquarters offices, employee perks & discount programs, tuition assistance, incentive compensation program, professional development opportunities, and more! Apply today to #BecomeOceanFirst and make an impact in the local community!
PRIMARY PURPOSE:
In conjunction with the Information Security Operations Manager, develop, implement, and manage an enterprise-wide information security framework to establish IT systems defenses against security vulnerabilities/breaches. Assist in the creation and maintenance of information security procedures designed for business and technology units to establish and maintain a compliant, risk-focused information security platform. Partner with business and functional units to create and maintain the bank's Business Continuity, Disaster Recovery Plans, and Incident Response Plan. Implement appropriate monitoring and testing to ensure adherence to the bank's information security protocols across the organization.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
1. Provide timely detection, identification, and alerting of possible attacks, anomalous activities, and misuse activities.
Utilize an expertise in security solutions such as SIEM, SOAR, IPS/IDS, Endpoint Security, Network Security,
Database Security, Firewalls, Cloud Proxy, Network Access Control and Network Segmentation to identify security
risks.
2. Ensure appropriate systems and controls exist to protect the confidentiality, integrity and availability of data residing
on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other
data repositories.
3. Execute the deployment, integration and initial configuration of all new and enhanced information security solutions
with IT partners in accordance with standard best operating practices and the enterprise's documented information
security procedures.
4. Maintain information security documentation including procedures, processes and guidelines to ensure the
organization's information security and compliance with all applicable banking regulations.
5. Coordinate and document incident reviews to ensure appropriate controls are implemented to prevent or mitigate
risks for recurrence of security and continuity incidents and/or data breaches.
6. Work with IT to maintain the bank's Business Continuity and Disaster Recovery Plans, identify potential information
security risks and develop mitigating controls where appropriate.
7. Maintain ongoing communications with IT peers to ensure enterprise-wide understanding of information security
goals, solicit feedback and foster co-operation.
8. Support the information security activities of the bank's external network sources.
9. Maintain current knowledge and understanding of the IT security industry including awareness of new or revised
security solutions, improved security processes and the development of new attacks and threat vectors. Understand
the IT threat landscape for banking and financial services industry.
10. Help deliver enterprise-wide security awareness training for all employees to ensure consistently high levels of
compliance with enterprise security requirements.
11. Actively participate in Incident Response Plan tabletop exercises.
12. Create/Maintain vulnerability scans and then analyze data and integrate into reporting and dashboard creation.
13. Update security software tools to maintain current versions.
14. Review and recommend security policies, controls and cyber incident response planning.
15. Contribute to automation workflows and integration of Artificial Intelligence (AI) and agentic capabilities to increase
efficiencies and coverage while reducing detection and remediation timelines.
16. Approve and oversee identity and access management (IAM) policies and system access control.
17. Ensure continued compliance with laws and applicable regulations.
18. Schedule and participate in periodic security assessments.
19. Choose and recommend security products as necessary.
20. Coordinate electronic discovery and digital forensic investigations.
21. Ensure an inventory of technology assets, classified by sensitivity and criticality, is properly maintained.
22. Review relevant logs for security events.
JOB SPECIFICATIONS:
Knowledge, Skills & Abilities
* Solid understanding of network and system intrusion and detection methods; examples of related technologies
include Next Generation Extended Detection and Response (XDR), Security Information and Event Management
(SIEM), Security Orchestration, Automation, and Response (SOAR), Firewalls, Intrusion Detection
Systems/Intrusion Prevention Systems (IDS/IPS), and security testing tactics, techniques, and procedures.
* Experienced with Zero Trust Networking principles and supporting technology.
* Experienced with Exposure Management and the components that comprise the capability (e.g., vulnerability
management, vulnerability intelligence, patch management).
* Experience with introducing practical AI and automation into a Security environment desired.
* Understanding of information security frameworks, such as MITRE (ATT&CK, ATLAS, D3FEND), Cyber Kill Chain,
Insider Threat Matrix, NIST CSF, etc.
* Industry recognized Infosec certifications such as CompTIA Security+, CEH: Certified Ethical Hacker, GSEC: SANS
GIAC Security Essentials, CISSP: Certified Information Systems Security Professional, CISM: Certified Information
Security Manager, strongly desired.
* Proven ability to successfully partner with internal clients and vendors to align strategy with deliverables, identify
business challenges and develop alternatives to mitigate.
* Strong service management and service delivery orientation.
* Strong written, oral, and interpersonal communication skills.
* Ability to present ideas in user-friendly language to a variety of constituent audiences.
* Proven ability to work within a changing environment and lead the implementation of change.
* Ability to assess the impact or potential impact of change management initiatives of various sizes and degrees of
complexities on business financials and performance.
* Ability to effectively prioritize and execute tasks in a high-pressure environment.