We are hiring two Security Analysts. Although the ideal candidates will possess all the listed qualifications, their respective responsibilities will (at least in the short term) be focused on one of two areas: a) Security Awareness Training or b) Information Security Standards creation coupled with technical writing. We are looking for candidates who not only have experience in, but also an interest in, primarily performing one of these two functions.
This position will assist the Security Operations Center in its mission to protect the information assets of the Credit Union. Conduct and document IT risk assessments. Consult with management on IT risks and controls for new and existing information systems services and platforms, including third-party service providers. Develop, maintain, and publish up-to-date cybersecurity policies, procedures, standards, and guidelines to protect AFCU assets. Conduct cybersecurity training for business and IT personnel. Investigate, evaluate, and recommend information security solutions. Conduct information security assessments, control audits, and compliance testing against industry information security standards, best practices, and internal company policy, standards, and procedures. Make recommendations on how to improve the security posture at the Credit Union.
1. Responsible, under the direction of the manager, for cybersecurity policies, procedures, standards, and guidelines.
a. Develop, maintain, and publish cybersecurity policies, procedures, standards, and guidelines in accordance with industry standards such as NIST, CIS, FFIEC, etc. Make them available to employees via the Security Operations Center intranet site.
2. Responsible, under the direction of the manager, for IT Risk Assessments within the organization.
a. Work closely with ERM team members to facilitate all IT Risk Management processes and reporting.
b. Assists departments with the IT security assessments of various software purchases, external vendors, and technology service providers.
3. Verifies information security controls are designed and operating effectively.
a. Verifies that Credit Union policies, procedures, and controls are conducted in accordance with established security standards.
b. Works closely with Internal Audit on all internal audits, external audits, and examinations to coordinate the gathering of documentation and evidence.
c. Conduct compliance and audit testing against industry standards, best practices, and company policies and procedures.
d. Perform regular information security assessments to ensure AFCU’s people, process, and technology are designed and operating effectively so as to maintain a sound information security profile.
e. Responsible for tracking, following up on, and reviewing evidence to ensure that outstanding cybersecurity findings are remediated in a timely manner.
4. Conducts Information Security Training
a. Responsible for information security awareness training for business and IT personnel. This includes such things as monthly updates to employee-facing security awareness training, required annual training, conducting phishing tests, and performing other random social engineering tests on a regular basis.
b. Responsible for communicating with all AFCU staff regarding cybersecurity-related concerns and/or questions.
5. Assumes responsibility for related duties as required or assigned.
a. Assist stakeholders in their remediation of identified risks and vulnerabilities.
b. Stay informed of changes in computer technology and security.
c. Earn and maintain industry certifications.
d. Keep work area clean, secure, and well-maintained.
e. Complete special projects as assigned.