Information Security Analyst

Branch/Office
SERVICE CENTER
Department
SECURITY OPERATIONS CENTER
City
ROY
Address
4059 SOUTH 1900 WEST
Position Status
40 HR
Schedule
Mon-Fri
External Comments

We are hiring two Security Analysts. Although the ideal candidates will possess all the listed qualifications, their respective responsibilities will (at least in the short term) be focused in one of two areas: a) Security Awareness Training or b) Information Security Standards creation coupled with technical writing. We are looking for candidates who not only have experience but also have an interest in primarily performing one of these two functions.

Overview

This position will assist the Security Operations Center in its mission to protect the information assets of the Credit Union. Conduct and document IT risk assessments. Consult with management on IT risks and controls for new and existing information systems services and platforms, including third-party service providers. Develop, maintain, and publish up-to-date cybersecurity policies, procedures, standards and guidelines to protect AFCU assets. Conduct cybersecurity training for business and IT personnel. Investigate, evaluate, and recommend information security solutions. Conduct information security assessments, control audits, and compliance testing against industry information security standards, best practices, and internal company policy, standards, and procedures. Make recommendations on how to improve the security posture at the Credit Union.

Responsibilities

 

1. Responsible, under the direction of the manager, for cybersecurity policies, procedures, standards, and guidelines.


a. Develop, maintain, and publish cybersecurity policies, procedures, standards, and guidelines in accordance with industry standards such as NIST, CIS, FFIEC, etc. Make them available to employees via the Security Operations Center intranet site.

 

 

2. Responsible, under the direction of the manager, for IT Risk Assessments within the organization


a. Work closely with ERM team members to facilitate all IT Risk Management processes and reporting.
b. Assists Departments with the IT security assessments of various software purchases, external vendors, and technology service providers.

 

 

3. Verifies information security controls are designed and operating effectively.


a. Verifies that Credit Union policies, procedures, and controls are conducted in accordance with established security standards.
b. Works closely with Internal Audit on all internal audits, external audits, and examinations to coordinate the gathering of documentation and evidence.
c. Conduct compliance and audit testing against industry standards, best practices, and company policies and procedures.
d. Perform regular information security assessments to ensure AFCU’s people, process, and technology are designed and operating effectively so as to maintain a sound information security profile.
e. Responsible for tracking, following up on, and reviewing evidence to ensure that outstanding cybersecurity findings are remediated in a timely manner.

 

 

4. Conducts Information Security Training


a. Responsible for information security awareness training for business and IT personnel. This includes such things as monthly updates to employee-facing security awareness training, required annual training, conducting phishing tests, and performing other random social engineering tests on a regular basis.
b. Responsible for communicating with all AFCU staff regarding cybersecurity-related concerns and/or questions.

 

 

5. Assumes responsibility for related duties as required or assigned.


a. Assist stakeholders in their remediation of identified risks and vulnerabilities.
b. Stay informed of changes in computer technology and security.
c. Earn and maintain industry certifications.
d. Keep work area clean, secure, and well-maintained.
e. Complete special projects as assigned.

Qualifications

Training/Education/Certifications:

 

  • A four-year college degree in a computer related field or equivalent combination of education and experience preferred.
  • CISSP, Security+, CISA certification or certifications from one of the following bodies: SANS, Microsoft, CompTIA preferred.
  • Must be goal-oriented, action-focused, pragmatic and self-disciplined.
  • Demonstrate ability to conceptualize, analyze, and communicate complex information security issues and concerns to technical and non-technical personnel.
  • Must have good organizing and communication skills.

 

Required Knowledge:

  • Understand the information security risks which affect information systems design, modification, and processing activities.
  • Demonstrate the ability to identify and properly scope those risks, and formulate recommendations that are appropriate, practical and cost-effective.
  • Ability to research policies, procedures, standards, and guidance, and apply under specific conditions for the protection of information and information systems.
  • Understanding of IT risk and vulnerability mitigation.
  • Familiarity with technology in the following areas: Cryptography, Linux, DBMS, Networking components, IDS/IPS, Servers, AD, Wireless, Mainframe, Automated/Application Controls, Access Controls, Firewalls, Physical Security, and Security Architecture/Design.
  • Familiarity in the following areas: IT Project Management; System Development Life Cycle; Business Continuity and Disaster Recovery Planning; System Change Management; Legal, Regulation, Compliance, and Investigation procedures; and Segregation of Duties in IT.
  • Familiarity with security industry frameworks, best practices, and guidance, such as CFR Part 748, FFIEC, NIST SP 800-30, NIST SP 800-53, NIST Cybersecurity Framework, NCUA’s ACET, CIS 20 CSC, and PCI.
  • Possess knowledge and understanding of concepts, protocols, best practices and principles as a means of relating IT risk, IT audit, compliance requirements, and security training to meet the needs of the business.

 

Experience:

  • 5 years in IT security, IT consulting, IT auditing, and/or IT risk assessments.

 

Skills/Abilities:

  • Create flow charts and diagrams using Visio.
  • Strong verbal and written communication skills.
  • Well organized, detail oriented, and accurate.
  • Analytical, problem-solving, and investigatory ability in things pertaining to IT.
  • Tough minded, persistent, cooperative, and willing to assist others.
  • Work well independently and meet deadlines.
