Information Security Analyst
Job Description:
Essential Functions:
- Embraces the Embold Experience including our Mission and Vision Statements, Core Values and service standards.
- Monitor for security breaches in partnership with 3rd party security partners
- Ensure the secure operation of computer systems, servers and network connections
- Oversee the development, implementation and maintenance of security policies, procedures and plans based on industry standard best practices
- Monitor server logs, firewall logs, intrusion detection log and network traffic for unusual or suspicious activity
- Investigate security issues until resolution
- Lead efforts with other technology associates to fully secure confidential information and systems
- Oversee regular penetration testing of all systems in order to identify system vulnerabilities
- Lead security configuration determinations and participate in implementation of upgrades and changes as necessary
- Proactively recommend solutions related to security issues and opportunities
- Work with internal and external auditors to prepare documentation for audits and exams, and work with IT management to address open audit and exam findings
- Serve as a technical and procedural resource for the team in all security related areas
- Assist with information security training in the department and across the organization
- Serve as an information security point of contact in disaster recovery procedures and other measures required in the event of a security breach
- Organize and lead root cause analysis and response reviews for security issues as needed
- Report metrics to ensure accurate reporting of the cyber environment
- Document security breaches and assess the damage
- Participate in the design, configuration & deployment of information security infrastructures
- Subscribe to threat notification networks, new regulations and information sharing networks to stay current on requirements and new threats to the industry
- Build relationships across the organization to ensure efficient use of controls
- Maintain a high level of knowledge of Credit Union internal controls, compliance, laws, regulations, guidelines, policies and procedures in the area of responsibility.
- Maintain strict confidentiality regarding all non-public data and uphold the financial integrity of the Credit Union.
- Advise manager of any atypical situation that could pose a threat, risk or loss to the Credit Union
- Establish and maintain productive and effective working relationships with the Embold team.
- Perform other duties and responsibilities including departmental and individual goals and objectives as assigned.
Competencies:
- Communication / Teamwork
- Job Knowledge
- Member / Market Focus
- Analytic / Critical Thinking
- Professionalism
- Attention to Detail
- Workplace Safety
Other Expectations:
- Advanced PC skills and aptitude in various software applications
- Understanding of local and wide area networks (LAN/WAN), Internet, electronic communication systems, telecommunications, virtualization
- Advanced understanding of information security technologies such as endpoint protection, SEIM, firewalls, VPNs, IDS/IPS, vulnerability scanning, and data loss prevention.
- Palo Alto, Carbon Black, Tandem, GFI Langured, Nmap, Rapid7, Nessus, Wireshark, CrowdStrike, Varonis, Barracuda
- Participation in community and/or volunteering events preferred.
- Continual understanding, applied knowledge of, and adherence to the Bank Secrecy Act and all federal, state, and local financial regulations and reporting.
- Ongoing professional development – must complete the annual required courses and trainings; must meet expectations on Performance Evaluations and Behavioral Expectations.
Management Scope:
- Has no supervisory/managerial responsibilities.
Interpersonal Skills:
- A significant level of trust, credibility and diplomacy is required. In-depth dialogue, conversations and explanations with members, direct and indirect reports and outside vendors can be of a sensitive and/or highly confidential nature. Communications may involve motivating, influencing, educating and/or advising others on matters of significance. Typically includes subject matter experts as well as first level to middle managers.
Independent Judgement:
- A professional level of self-direction and autonomy is expected of this position. Diversified procedures, specialized job standards, and specific policies, as well as agreed upon objectives, deadlines and priorities limit the latitude permitted for independent judgment requiring analytical ability, judgment, and time management skills. The employee prioritizes their work-flow, carries out the successive steps and handles problems and deviations in the work assignment in accordance with instructions, policies, previous training, or accepted practices in the occupation. This can be a mid-level manager or a high individual contributor.
Mental Complexity:
- Problems encountered require analytical interpretation, evaluation and/or constructive thinking. Problems require analysis of a wide variety of data; weighing the desirability and/or probability of possible outcomes in relationship to each other. This position may address any complex issues for the department that don’t have previous precedent to draw upon.
Organizational Impact:
- The position is expected to have a notable impact on current financial or strategic organizational goals and objectives. The effects of the job could impact a segment of customers and/or employees across several functional areas. However, decisions or results that could have an organization wide impact would be preapproved by a more senior level position.
Potential for Error:
- Limited supervision and inspection of work. Errors can be difficult to detect and resolve and/or the consequences of potential errors can be of significance including, but not limited to lawsuits, lost assets or revenue of a significant value or poor external audit.
Physical Requirements:
- Perform primarily sedentary work with limited physical exertion and lifting up to 10lbs regularly; on occasion lifting up to 30lbs.
- Must be capable of climbing / descending stairs in emergency situation.
- Must be able to operate routine office equipment; e.g. computer, telephone, scanner, copier, facsimile, and calculator.
- Must be able to sit or stand for long periods of time.
- Must be able to routinely perform work on computer for an average of 6-8 hours per day.
- Must be capable of travel by automobile (as driver and passenger), commercial airlines, rental vehicles and public transportation and be able to lodge in public facilities.
- Must be capable of regular, reliable and timely attendance.
Working Conditions:
- This job operates in a professional environment.
- Days and hours of work will be established to cover office operations, typically ranging Monday through Saturday.
- Must be able to work extended hours whenever required or requested by management.
- This position may be required to travel to other branches for coverage, and to all staff meetings.
- Potential exposure to hazards, i.e. robbery, etc.
Mental and/or Emotional Requirements:
- Must be able to perform job functions independently and work effectively as part of a team.
- Must be able to plan and direct the work activities of self and others.
- Must be able to read and carry out various written and oral instructions.
- Must be able to speak clearly and deliver information in a logical and understandable sequence.
- Must be able to perform basic financial calculations with extreme accuracy.
- Must be capable of dealing calmly and professionally with numerous different personalities from diverse cultures at various levels within and outside of the organization and demonstrate highest levels of member service and discretion when dealing with the public.
- Must be able to perform responsibilities with composure under the stress of deadlines / requirements for extreme accuracy and quality and/or fast pace.
- Must be able to effectively handle multiple, simultaneous, and changing priorities.
- Must be capable of exercising highest level of discretion on both internal and external confidential matters.
Experience:
- REQUIRED: Minimum of 3 years industry related experience, and at least 1 year of direct information security monitoring and response experience.
- PREFERRED: Five years of related experience in the financial services industry and security certification (CISSP)
Education:
- REQUIRED: (1) College Degree or (2) achievement of formal certifications recognized in the industry as equivalent to a bachelor’s degree (e.g. information technology certifications in lieu of a degree).
- PREFERRED: Bachelor’s Degree and/or equivalent experience plus five year in a related field.
Work Schedule
FULL-TIME – Exempt – 8:30 AM – 5:30 PM Monday thru Friday.
Starting Pay Range
$75,063.77 to $88,310.32 per hour based on experience
Benefits: Here are a few of our great benefits.
Medical, Vision, and Dental- Generous PTO-401k- Education Reimbursement & Student Loan Repayment Assistance and the onsite gym at administrative headquarters.
We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.