Information Security Analyst (Glendale/San Diego)

General Summary

Responsible for the safeguarding of sensitively classified data on the California Credit Union (CCU) network, responding to and investigating information security incidents, participating in information technology risk assessments, and development and delivery of security training and awareness for staff, all in accordance with the Information Security Program.

Principal Accountabilities (60%)

• Investigate system security-related incidents, including suspected or confirmed system intrusions and other malicious acts; mitigate incidents in accordance with adopted policies and procedures. Escalate critical or unknown anomalous activity to the Vice President Information Security.
• Performs proactive threat hunting, actively seeking indications of compromise to detect evasive threats throughout the credit union network.
• Assesses threat intelligence from dozens of reputable industry sources and develops plans and mitigation strategies to address the ever-changing threat landscape.
• Assist the Security Manager in regular testing of key security controls and make calculated, risk-based decisions to mitigate vulnerabilities.
• Work closely with Information Technology Services (ITS) to ensure the compliance of key Information Systems to the Information Security Program.
• As a key member of the Computer Security Incident Response Team, participate in mock incident response exercises, and utilize lessons learned to inform the Information Security Program.
• Manage full system operations for assigned systems, including, but not limited to, software updates, system configuration parameters, user configuration, and data backup and recovery processes.
• Develop and maintain application and hardware standards and retain full documentation for each assigned system.
• Maintain regular communication with ITS, other business units, and vendors regarding their business and technical plans to ensure adherence to CCU policies and standards.
• Research information security best practices and recommend changes to the VP Information Security.
• Ensure plans are in place for effective backup of critical information as well as business continuity and disaster recovery controls in accordance with adopted policies and procedures.
• Assist the VP Information Security with administration of the Security Training and Awareness Program; provide basic information security training and awareness to staff.
• Participate in and contribute to cross-functional projects.
• Interact with vendors for purchases, repairs, installation, maintenance and support for new and existing systems.
• Perform system analysis periodically to optimize system capacity and efficiency.

Secondary Accountabilities (40%)

• Excellent written and oral communication skills; ability to communicate effectively and project a professional image when giving and taking information in writing, in person and over the phone.
• Ability to effectively present information to top management, internal groups and/or outside parties.
• Strong interpersonal skills with the ability to work effectively with individuals and groups at all organizational levels; ability to work independently and as part of a team.
• Ability to read, analyze and interpret common security and computer industry publications and technical journals and regulations.
• Ability to respond to common inquiries and/or complaints from customers, regulatory agencies or outside parties.
• Ability to define problems, collect data, establish facts and draw valid conclusions.
• Ability to interpret extensive variety of technical instruction in diagram form and deal with several abstract and concrete variables.
• Ability to take initiative, assume responsibility and prioritize tasks; good time-management, organizational, problem-prevention and problem-solving skills.
• Willingness and ability to adapt to changing business needs and deadlines.
• Ability to maintain confidentiality of sensitive information.
• Possess a work ethic that includes neatness, punctuality and accuracy.
• Ability to complete or resume tasks despite interruptions.
• Adhere to federal and state regulations, credit union policies, and other compliance obligations.
• Consistently achieve stated goals.
• Participate in required meetings and training.
• Support management and member decisions and goals in a positive, professional manner.
• Comply with BSA requirements as commensurate with position.
• Perform other duties as assigned.

Position Requirements and Qualifications

Knowledge, Education, Certifications, Licenses:

• High School Diploma or equivalent; and
• Bachelor s degree or equivalent; or
• Three (3) years of information security or network administration professional work experience, preferably within the financial services vertical.
• ISC2 CISSP, ISC2 SSCP, CompTIA Security , GIAC GSEC, Cisco CCNA or similar certificates desirable.

Working Conditions and Physical Demands

Work is performed in a general office environment. This position does not require significant physical efforts; however, incumbent must be able to lift up to 50 lbs. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job. Refer to the Safety & Health Policy found in California Credit Union s Employee Handbook & Resource Guide.