Ensure effective integration of IT Systems and services with IT security policies, regulatory compliance guidelines and information protection strategies. Monitor and report on security event logs and change management activities of the Credit Union’s computing environment including but not limited to: policy violations, abnormal behaviors, intrusions, best practice recommendations, etc. Serve as a liaison for IT security audits, scans and other security/audit related activities. Research and recommend best practices to secure the Credit Union Systems and Data. Promote technology security awareness programs within the Credit Union.
- Monitor the Credit Union computing environment (servers, firewalls, intrusion detection/prevention systems, anti-virus and malware) logs, and network traffic for activities including but not limited to: policy violations, abnormal behaviors, intrusions, best practice recommendations, etc.
- Coordinate the vulnerability assessments and security risk assessments of Credit Union resources. Assist internal and external auditors as required.
- Coordinate, perform, and oversee penetration testing of all networks and systems in order to identify system and application vulnerabilities.
- Coordinate information protection activities and projects with other groups within the Credit Union, business partners, and vendors of information protection services, and other organizations to ensure effective definition, development, and implementation of appropriate information protection measures.
- Review change management activities across the IT organization and recommend changes to ensure secure and compliant technology operations.
- Coordinate data loss prevention activities across the Credit Union computing environment.
- Recommend risk mitigation controls and procedures based on vulnerability, risk and security review/assessment reports.
- Identify material risks and take and/or recommend action(s) to mitigate them using security analysis techniques and industry best practices while minimizing data loss.
- Actively participate in forensic and incident response activities. Open security incident tickets and track issues through resolution.
- Stay vigilant and keep the Credit Union informed about latest security threats.
- Actively promote computing environment related security awareness programs within the Credit Union.
- Assist in development of technology policies and standards needed to maintain the security of the Credit Union’s computing environment.
- Develop and maintain a technology security training program for the Credit Union.
- Provide ongoing training to the Credit Union employees on best practices for secure operations.
- Maintain and update the Information Security Program Standards and Procedures to stay in compliance with existing, new or changing regulations and auditing recommendations.
- Conduct research on emerging products, services, protocols, and standards in support of security enhancement and development efforts.
- Evaluate, recommend, and/or implement solutions to current or potential security threats as they relate to the Credit Union’s computing environment.
- Monitor and evaluate emerging security alerts/issues and recommend remediation alternatives.
- Review and analyse security standards of current and potential vendors. This includes but is not limited to review of: SSAE 16, PCI and other audit and compliance reports.
- Effectively plan and manage assigned activities to ensure that objectives and schedules are met.
- Assist in development and management of the IT Budget.
- Provide help-desk assistance.
- Assist with technology vendor management and due diligence activities.
Knowledge, Skills and Abilities
1. Knowledge of the latest information technology (IT) security trends and security standards (e.g. ISO 17799/27002).
2. Awareness of the rules and regulations related to information security and data confidentiality (e.g. FERPA, HIPAA, FFIEC).
3. Have intermediate knowledge of network security principles for risk identification and analysis of desktops, virtualization, mobile, tablets, servers, applications and databases.
4. Strong analytical and problem solving skills.
5. Working knowledge of Security Information and Event Management (SIEM) software, IDS/IPS nodes and DLP, anti-virus and anti-malware platforms.
6. Excellent written, verbal, customer relations and organizational skills.
7. May be required to work overtime hours including early mornings, late nights, weekends and participate in an on-call rotation.
8. Physical effort may be required to lift and move equipment in boxes (approximately up to 30 lbs.).
Five (5) years of experience in computing and information security OR a Bachelor's degree in a technology / related field plus one (1) year of experience with internet technology, servers, mobile, tablet, and security issues, OR an Associate's degree in a technology related field plus three (3) years of experience.
Preferred but not required: Undergraduate degree in computer science and CISSP or GIAC or other security or technology certifications desired such as a CompTIA Security+ with Continuing Education (CE) certification.