Description
The Security Operations Administrator provides operational support for the bank's Integrated Security Department. Uses a risk-based approach to security management and assists in coordinating physical and cyber security activities while ensuring compliance with applicable laws, regulations and bank policies and other governance documents.
- Responsible for leading and coordinating security incidents and investigations, ensuring incidents are properly triaged, escalated, documented, and resolved in accordance with approved incident response procedures and escalation protocols
- Responsible for security monitoring and detection by overseeing the effectiveness of security monitoring capabilities (SIEM, EDR, access control, alarms, and video surveillance), validating that alerts, alarms and events are appropriately handled and that detection processes remain effective and aligned with risk priorities
- Identify recurring security issues, control gaps, and operational risks across cyber and physical domains; develop and implement corrective actions and operational improvement in coordination
- Develop, maintain, and enforce detailed operating procedures, runbooks, and playbooks that guide analysts and support consistent, repeatable execution
- Serve as the primary operational liaison between security operations and IT, facilities, branch leadership, and business units to ensure security requirements are understood, integrated into operations, and aligned with business objectives and risk tolerance
- Develop and maintain operational security metrics and reporting (incident trends, response times, alert volumes, access reviews, and control effectiveness) and provide clear, actionable reporting
- Oversee operational response to physical security events, including alarms, duress activations, and access anomalies, ensuring timely coordination with banking center leadership, facilities, and law enforcement while maintaining appropriate documentation and follow-up
Qualifications:
- Associate degree or some college courses
- 5-7 years related experience
- Experience monitoring and responding to security incidents in a hybrid operating environment
- Advanced understanding of common SIEM, EDR, CSPM, DLP, identity and incident response tools/workflows
- Experience with event triage, security workflows and structured investigation processes
- Advanced knowledge of security principles, threat landscapes, and common tactics, techniques, and procedures targeting financial institutions
- Analytical thinker with strong problem-solving skills and a bias for operational improvement
- Excellent communicator who can explain technical findings to both technical and non-technical audiences
- Proactive, organized, and adaptable in a fast-moving environment
- Best practices of Risk Controls and Processes; proactive approach to Regulatory Strategy
Skills:
- Work occasionally requires more than 40 hours per week to perform the essential functions of the position
- Some travel to different locations within DFW may be required to attend meetings
- Ability to lift up to 50 lbs; ability to participate in physical activity; ability to do extensive bending, lifting, and standing for an extended period
Equal Opportunity Employer. This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.