Avp, Information Security Engineer

COMPANY DESCRIPTION: Forbright is a nationwide full-service bank and lender helping accelerate the transition to a sustainable and low-carbon economy. Headquartered in Chevy Chase, Maryland, Forbright is committed to accelerating the transition to a sustainable economy by financing visionary leader in clean energy, healthcare, technology, financial services, real estate, and other industries with extraordinary service.

COMPANY CULTURE: We are a dynamic, high energy, fun, and fast-paced organization that has an exciting growth trajectory, meaningful mission, and embedded responsible environmental, social, and governance (ESG) practices into our daily interactions. We offer our team members a culture of collaboration, inclusion, flexibility, recognition, and giving back. We look to hire individuals that are passionate about our mission, and who are motivated, customer and results-oriented, innovative, adaptable, and thoughtful.

COMPANY MISSION: We are a mission-driven institution with an uncommon commitment to decarbonization and sustainability. As the need to build a more sustainable, low-carbon economic system grows increasingly urgent, we are dedicating half of our assets to financing the companies, investors, and innovators driving that change. We are reimagining how a bank should operate in a changing world.

JOB SUMMARY: The AVP, Information Security Engineer is responsible for supporting the Bank's security operations, including but not limited to threat identification, intrusion detection, digital forensics, incident response, and the design, implementation, and maintenance of enterprise-wide on-premise and cloud-based security solutions. The role provides technical analysis, assessment, and recommendations in security situational awareness, operational, network, and applications systems security monitoring, and vulnerability management.

DUTIES AND RESPONSIBILITIES:

• Design and architect secure systems, networks, and applications to protect against cyber threats

• Evaluate and recommend security technologies and tools to enhance the organization's security posture

• Implement and manage security information and event management (SIEM) systems

• Conduct penetration testing and ethical hacking to identify and remediate vulnerabilities

• Define and assess compliance security configurations for hardware, software, and cloud services

• Provide expertise in security governance and compliance frameworks, e.g., CIS Benchmarks

• Develop and maintain security documentation, including security policies and procedures

• Define, conduct, and report on internal and 3rd party Red Team, Purple Team, and Blue Team assessments and exercises

• Collaborate with the Application and Development to ensure that all custom development, both on-premises and in the cloud, meets strict security guidelines

• Define, conduct, and report on digital forensics procedures, policies, and deliverables

• Conduct regular tabletop exercises to test and improve the effectiveness of incident response plans

• Active participation in the Information and Cybersecurity, Bank Vulnerability Management, and Data Loss Prevention programs, including efforts related to vulnerability remediation planning, tracking, implementation, threat research, log analysis, end-user security education and training, and recommendations for process improvement

• Participate in change management processes when remediating threats or vulnerabilities

• Provide after-hours and weekend analysis on an as-needed basis outside of general working hours

• Other projects as assigned

SUPERVISORY RESPONSIBILITIES:

• Supervise assigned employees by organizing and monitoring work progress

• Maintain staff by recruiting, selecting, orienting, and training employees

• Manage performance of employees through development, coaching, and counseling

QUALIFICATIONS:

• Bachelor's Degree from a 4-year accredited institution and a minimum of 4 years of related experience required; or 8 years of Information Security experience required

• 4 years of Cybersecurity Engineering or Architecting experience required

• Cybersecurity-related certifications such as Certified Information Security Professional (CISSP), GIAC Defensible Security Architecture (GDSA), GIAC Certified Incident Handler (GCIH), CERT Certified Computer Security Incident Handler (CSIH), GIAC Certified Forensic Examiner (GCFE), and Offensive Security Certified Professional (OSCP)

• Experience and solid working knowledge of cybersecurity and network analysis tools, network topologies, intrusion detection methodologies, Windows systems, and preferably Linux systems analysis for evidence of compromise

• Familiarity with the requirements of NIST SP 800-53, FFIEC Booklets, and Critical Security Controls

POSITION REQUIREMENTS: The requirements described are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable employees to perform the essential functions. Work is conducted primarily in an office; however, some positions may be conducted remotely via technology. While performing duties of this job, the employee may be regularly required for prolonged periods to:

• Sit or stand at a desk

• Walk, stoop down, crouch, kneel, or bend over

• Use hands and fingers

• Utilize a computer monitor with visual acuity

• Operate technology and other office machinery such as printers, fax machines, scanners, etc.

• Communicate clearly both verbally and in writing with others