This position provides technical support to monitor, maintain, analyze and evaluate credit union information security architecture, policies, procedures and tools, and identify effectiveness of current security programs to meet risk challenges. To protect credit union information systems assets, detect and resolve exposures, and ensure secured member and employee access, information integrity and minimization of financial risk.
- Provides operations support of policies, identification of security risk exposures and security resolutions.
- Conducts daily real-time monitoring and analysis of security logs and events from multiple sources included, but not limited to events from workstations, servers, switches, routers, firewalls, IDS, and event monitoring tools.
- Establishes and analyzes processes and technologies to ensure comprehensive protection exists to prevent unauthorized entry to computer systems.
- Maintains security for enterprise systems and identifies issues that could compromise data integrity or secrecy. Researches and makes recommendations to resolve information technology and security risks.
- Performs security assessment and accreditation activities on IT systems and application, including security audits, risk assessments, security plans, and system test and evaluations.
- Helps to establish and document IT security guidelines, procedures and policies, and implement network security best practices.
- Manages the enterprise vulnerability assessment scanning including the following: analyze vulnerabilities, determine impact, write alerts and advisories, and implement remediation
- Identifies and follows through on host remediation when compromise/vulnerabilities are found.
- Provides first and second tier security incident analysis by evaluating problems, identifying root causes, and recommending/implementing remedial/permanent actions to restore full service. Escalates and works with Risk Management security position to notify/resolve more complex situations.
- Participates in reviewing and analyzing external connectivity issues that may impact security of Educational Systems FCU and members’ information.
- Applies best practices and security standards to make recommendations to IS management team on risks and vulnerabilities related to common application protocols and web services security.
- Serves as key contributor on credit union projects to ensure access information security are incorporated into policies and procedures.
- Provides risk mitigation support by applying cost-effective security countermeasures, host-level security practices, and security planning/integration techniques.
- Provides administration and management of antivirus and malware protection application.
- Reviews inquiries and/or requests for computer security information and/or reports from internal/ external entities and determines appropriate responses and threat impact to credit union security.
- Participates in internal compliance reviews of information security environment, risk assessments, security testing, and identifies security issues requiring immediate resolution.
- Participates in new technology evaluations, design and implementation of new and/or enhanced information security systems and related security programs. Provides recommendations to management of product(s) for upgrades, patches and other general security measures to ensure secured systems.
- Adheres to all compliance standards set forth by Federal and State laws including, but not limited to: BSA, Money Laundering, Regulation CC and privacy of member information. Complete annual training, where applicable, to remain current with regulations and compliance procedures. Maintain and demonstrate practical knowledge of branch and/or facility security procedures to ensure the safety and soundness of the credit union.
- Ability to lift 25 pounds, sit for long periods of time and use a computer for prolonged periods of time.
Education and Experience
- Bachelor’s Degree in a related field or the equivalent combination of training, education, and experience. Certification such as Security+, CISSP, CISM, or CISSA is a plus.
Four years of progressive technical experience in the area of Information Systems, with at least two years of specialized experience in the area of Information Systems Security.
- Must have an understanding of Information Security industry standards/ best practices, security threats, vulnerabilities, attacks, and techniques.
- Experience in incident response; knowledge in supporting system forensics, event logging systems, authentication methods, remote and local web application security, penetration testing. Ability to report findings clearly and objectively in writing.
- Minimum of two years of experience demonstrating knowledge of information security programs and operations, data security practices and procedures, including risk identification/assessment, authentication technologies, and security attack pathologies.
- Strong planning and organizational skills to set priorities and achieve goals is required.
Strong research, analytical, and problem solving skills preferably related to technologies and technical program designs.
Effective verbal, written and interpersonal communication skills. Proven ability to present findings and conclusions clearly and concisely to all levels of employees, management and/or vendors.
Knowledge of NCUA and FFIEC regulations, GLBA, PCI and other information security requirements and framework knowledge of the financial services industry is a plus.