Information Security Analyst

Role

Reporting directly to the VP/CIO, the Information Security Analyst is responsible for monitoring, evaluating, and maintaining systems and procedures to protect the data systems and databases from unauthorized users. Identifies potential threats and responds to reported security violations. Determines causes of security violations and recommends corrective actions to ensure data security. Researches, plans, recommends, and implements changes to procedures and systems to protect and enhance data systems security. Assists in communicating security procedures to users.

Major Duties and Responsibilities

• Provides documented analysis of and make determinations about security events. Investigates suspected attacks and recommends remedial action. Ensures all identified breaches in security are promptly and thoroughly investigated.• Determines when security issues should be escalated to management.• Drives a program of annual IT audit work, including annual plan development, audit fieldwork, writing of issue reports, and partnership with colleagues in Internal Audit to perform IT testing during projects (i.e. Integrated Auditing)• Creates and collects documentation from IT and business departments in preparation for NCUA, DFI and external audit annual exams• Manages Credit Union corporate BCP/DR plan.• Collaborates with IT management to review and perform annual tests of BCP/DR and IRP plans.• Collaborates with Enterprise Risk Management on risk assessments and testing of data processing systems.• Drafts and maintains the policy, standards, procedures and documentation for IT security.• Provides scalable planning for the security of systems and applications as well as how they are to be tested and monitored.• Monitors compliance of information security procedures and policies and reports infringements to appropriate personnel. • Monitors enterprise security solutions. • Tracks the status of known Information Security exposures, works with Information Technology (IT) and business departments to promote remediation of known exposures• Serves as liaison to external security firms to promote and ensure systems security and availability• Colaborates with IT manager to monitor core security infrastructure services including, but not limited to, antivirus, firewall, IPS, and IDS.• Develops and delivers security awareness training content to all new hires and others as applicable• Cross train with network and technology operations teams to enable backup support in each area• Conducts research to remains abreast of computer technology and trends and makes recommends of security enhancements and purchases to manager for potential improvements in the system that might enhance the credit union's ability to delivery products and services to members in a security environment. • Supports IT Helpdesk • Safeguards equipment, software, data and tools, preventing loss, theft or accidental destruction of parts, supplies and equipment.• Evaluate, plan, develop systems and procedures, assess project feasibility and test for all IT related projects and goals. Must meet and work with IT staff, department heads, management and supervisors to assist in the assessment of current needs, long-term goals and projects needed for the organization's infrastructure.• Assist VP/CIO & IT Manager in the research, development and maintenance of written procedures, policies, internal controls, budgeting, performance monitoring, reporting, priority setting and business plan. • Ability to profile and manage the prevention, detection, containment and correction of security breaches, develop and implement policy and practices, and execute compliance plan and awareness training.

Knowledge and Skills

Experience/Education:

Bachelors degree (B.A.) from four year college or university in computer science and/or Information Security and 3-5 years related experience with information security including but not limited to External/Internal penetration testing, vulnerability scanning, and remediation methods of identified vulnerabilities/findings.

Expert knowledge of SEIM’s and a strong knowledge base of networking, routers, and firewalls.

Preferred Qualifications:

Experience working with Rapid 7 systems and administering a BCP.

Certificates & Licenses: Completed, maintaining (active) and or pursing professional certifications and or licensing such as, but not limited to, SANS, GIAC, CISSP, CISM, CISA and or CCNA are preferred.

Interpersonal Skills: The ability to motivate or influence others is a material part of the job, requiring a significantlevel of diplomacy and trust. Obtaining cooperation (internally and/or externally) is an important part of the job.

Other Skills:

- Standard concepts and best practices within the Information Technology and Telecommunications field. - Firewall technologies; designing, implementing, programming and maintaining firewalls.- Hacking, virus and security threats, techniques, technologies, detection and prevention - Copper, fiber and wireless technologies. - TCP/IP; ports, sockets, routing and subnetting. - Ethernet, SDWAN, MPLS, VPN and remote access technologies. - Microsoft desktop and server operating systems that include but are not limited to- Windows 1011 and Windows Server 2016 or greater.- Microsoft Office, Microsoft Visio and Microsoft Project. - Microsoft's Outlook 365. - Enterprise storage technologies; iSCSI, SAN, fiber channel and replication technologies.- Firewall Security- Router and Switch Security- Windows Security- Linux Security- Expert knowledge SEIM’s- Familiar with External/Internal penetration testing/vulnerability scanning- Have worked with outside security vendors- Understanding of tcp/ip networking

***The above statements reflect the general details necessary to describe the principle functions of the position described and shall not be construed as a detailed description of all work requirements that may be inherent in the position

Salary Minimum

USD $77,290.76/Yr.

Salary Maximum

USD $115,936.14/Yr.

Regular Full-Time