Sr Information Security Specialist

Purpose/Duties: Under minimal supervision, responsible for maintaining and monitoring the security systems used by the Credit Union’s Information Security Program. Assists the Chief Information Security Officer (CISO) to ensure that the Program meets or exceeds the information security standards prescribed by National Credit Union Administration (NCUA) regulations and other applicable federal and state information security laws and regulations.

Responsibilities:

• Works in collaboration and partnership with business units to communicate and facilitate security controls.
• Assists with the administration of the Information Security program.
• Investigates new Information Security technologies and makes recommendations on the best use of technology.
• Responsible for interfacing with different credit union departments for training and educating staff on Information Security procedures.
• Works with information technology staff to standardize the access and security privileges for internal systems.
• Participates in application development and infrastructure projects to ensure that security requirements are properly identified, understood, and satisfied.
• Ensures that adequate records are retained and assists with preparation of periodic reports as needed.
• Monitors and reviews security logs, alerts, and reports for suspicious activity.
• Investigates any noted irregularities in security logs and reports findings to the Chief Information Security Officer.
• Reviews requests and communicates these requests for all connections by third parties and remote users to internal network and Host processing system.
• Assists with coordination and remediation of external vulnerability and penetration tests.
• Actively works with security application vendors to ensure systems are operating correctly.
• Attends courses and seminars as needed to maintain knowledge of current information security technologies and threats.
• In-depth knowledge of network operations, including network architecture, protocols, and services.
• Experience with network monitoring and management tools.
• Ability to troubleshoot and resolve network issues.
• Understanding of network security measures and best practices
• Strong analytical and problem-solving skills.
• Ability to assess complex situations and identify potential security risks.
• Capability to develop and implement effective security solutions.
• Proficiency in evaluating the impact of new technologies on existing security measures.
• Maintains the highest level of Integrity and conducts oneself in an ethical manner.
• Actively supports the mission, vision, and core values of the Credit Union.
• Keeps work area neat and organized.
• Participates in continuing education as approved by supervisor.
• Maintains confidential data.
• Ensures that the confidentiality of all information and transactions regarding the Credit Union, its members, and its employees are held to the highest level of business ethics.
  
  
  

Required Skills/Experience:

• Education: Bachelor’s degree preferred
• Certification: GCED, CISA, CISM
• Experience: 2 information security and 4 infrastructure
• Capability: Ability to occasionally lift up to 40 lbs.
  
  
  

Preferred Knowledge, Skills, and Abilities:

• Knowledge of cybersecurity and privacy principles.
• Knowledge of computer networking concepts and protocols, and network security methodologies.
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
• Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
• Knowledge of cyber threats and vulnerabilities.
• Skill in assessing security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
• Knowledge of Personally Identifiable Information (PII) data security standards.
• Knowledge of Personal Health Information (PHI) data security standards.
• Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
• Skill in developing and applying security system access controls.
• Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Knowledge of an organization's information classification program and procedures for information compromise.
• Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
• Knowledge of security management.
• Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
• Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs.
• Knowledge of various types of computer architectures.
• Knowledge of configuration management techniques.
• Knowledge of systems security testing and evaluation methods.
• Knowledge of how to use network analysis tools to identify vulnerabilities.
• Skill in evaluating the adequacy of security designs.
• Skill in assessing security systems designs.
• Skill in recognizing vulnerabilities in security systems (e.g., vulnerability and compliance scanning).
• Analytical skills with ability to use sound business judgment and to exercise skepticism as needed.
• Process focused experience including the ability to assess, interpret, and guide corporate processes.
• Analytical skills with ability to use sound business judgment and to exercise skepticism as needed.
• Process focused experience including the ability to assess, interpret, and guide corporate processes.
  
  
  

Achieva Credit Union is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability. Achieva Participates in E-Verify.