• Information Security Analyst

    Job Location US-IL-Chicago
    Posted Date 9 months ago (10/5/2017 5:42 PM)
    ID 2017-4306
    # of Openings 1
  • Overview

    CIBC provides tailored commercial, wealth management, personal, and small business financial solutions in the United States through 46 offices in 18 states, as well as cross-border banking services to clients with North American operations. Learn more at cibc.com/US.

    CIBC is a Toronto-based, global financial institution with a 150-year history, serving 11 million personal and business clients. We invest in our businesses, our clients, our people and our communities to deliver consistent and sustainable earnings to our shareholders.

    CIBC delivers access to career and development opportunities, safe and healthy workplaces, effective training, and positive work-life balance – so that employees are able to perform at their best, contribute to their communities and focus on cultivating deeper relationships with our clients.

    Every year, CIBC is recognized for its business success, community commitment and employee initiatives. We are proud of this success and are committed to creating an inclusive workplace and an environment where all employees can excel.

    CIBC Bank USA is an Equal Opportunity Employer M/F/Disability/Veteran

    Responsibilities

    Under the oversight of information security management or the direction of senior analysts, supports CIBC's Information Security and Incident Response programs. Applies industry knowledge of cyber security risks, threats, and controls to the CIBC environment. Must be able to weigh business needs against security concerns and articulate issues to management. Performs all procedures necessary to ensure the safety of information and to protect systems from intentional or inadvertent access or destruction. Interfaces with the user community to understand their security needs and implements procedures to accommodate them. Ensures that the user community understands and adheres to necessary procedures to maintain security. Conducts security evaluations of systems, vendors, and processes. Requires some knowledge of firewall theory and configuration.

    • Execute various security controls and testing
    • Gather, prepare, and develop security metrics, compliance, and ad-hoc reports
    • Strong Information Security Awareness Program skills that include preparing creative presentations, marketing education and providing training classes
    • Conduct security risk assessments of vendors, systems, processes, and new products
    • Manage Threat Intelligence, oversee Vulnerability Management process, and perform related data analysis
    • Conduct proactive security reviews (access reviews, terminations, appropriateness, dormant/generic accounts, inactive users, etc.)
    • Facilitate the management of security incidents and lead the Incident Response Team, in accordance with the Incident Response Program
    • Represent the Information Security Team on enterprise-level project teams
    • Monitor usage of company resources and data
    • Day-to-day management of Information Security policies and procedures
    • Participate in physical security walk-throughs
    • Projects, as delegated by the Information Security Manager
    • Technical writing abilities required

    Qualifications

    • 3-6 years' experience in Information Security or Risk Management positions within financial institutions
    • Pursuing CISSP (Certified Information Systems Security Professional) certification - preferred
    • Strong understanding of risk-based approach and risk vs. reward analysis
    • Strong analytical, problem-solving, and troubleshooting skills
    • Robust and creative communication skills, including written and verbal skills that support the ability to communicate with a variety of levels within the organization
    • Demonstrates strong knowledge and understanding of IT environments and operational functions
    • Strong Information Technology background
    • CRISC (Certified in Risk and Information Systems Controls) certification - preferred
    • Knowledge of Sarbanes-Oxley, the Gramm-Leach-Bliley Act, PCI standards, and other regulations
    • Working experience with Data Loss Prevention systems and Network Access Control systems
    • Working knowledge of standard industry frameworks
    • Experience with vulnerability management and remediation, and wireless network security
    • Interpersonal skills and collaboration skills are critical in working with all levels of employees and management
    • Experience in driving change and delivering quantifiable results
    • Action-oriented, quick learner, and strong work ethic
    • Proven ability to manage multiple high-priority tasks simultaneously with the ability to prioritize
    • Takes ownership, with the ability to drive and measure continual improvement actions
    • Proactive leader and thinker, who is able to work independently under general direction
    • Proficient in using Microsoft Office applications
    • Consistently monitors and assesses program performance and industry trends, and identifies specific gaps to ensure objectives are satisfied
    • Provides input and makes recommendations regarding the program and process enhancements
    • Continuously seeks ongoing feedback and keeps lines of communication open with peers and management
