Information Security Analyst

Learn more about working at Embold here: http://bit.ly/clackamas-youtube

Expand your career and join the Embold Credit Union Team!

We are boldly growing to new heights while deepening our community roots.

Since 1957, we have served Clackamas County with the mission of helping our members meet their financial goals. In 2021, an expansion allowed the credit union to begin serving anyone who lives, works, worships or attends school in Clackamas, Marion, Multnomah, Polk, Washington, and Yamhill counties.

From these roots, Embold Credit Union was born. Our name change helps demonstrate our commitment to our entire service area, but the important things remain the same — our commitment to serving our members and our communities.

What makes Embold different from a bank? Our structure, values, and impact. We put people before profits. We’re committed to bringing innovative financial services to our membership, including ITIN lending services, Payday Alternative Loans, and financial planning specific to families of special needs children. And we’re dedicated to making an impact in our communities through volunteerism, investment, and fundraising.

Embold believes that each employee makes a significant contribution to the success of our Mission, Vision, and Values. This position description is designed to outline primary duties, qualifications and job scope, but not limit the incumbent nor the Credit Union to just the work identified. Your contributions should not be limited by the assigned responsibilities. It is our expectation that each employee will offer their services where needed to ensure the success of our endeavors.

Position Summary:

Provide monitoring and response to security issues as they relate to information technology in order to protect the confidentiality, integrity and availability of organizational information assets. The position requires an investigative mind and the ability to work with several tools or third parties to support technical security controls. This role reports to the CIO and has regular contact with all departments and technology vendors to provide guidance on matters of information security, maintain knowledge of emerging cyber threats, share actionable intelligence and consult key stakeholders to help Embold Credit Union meet security objectives.

Essential Functions:

• Embraces the Embold Experience including our Mission and Vision Statements, Core Values and service standards.
• Monitor for security breaches in partnership with 3rd party security partners
• Ensure the secure operation of computer systems, servers and network connections
• Oversee the development, implementation and maintenance of security policies, procedures and plans based on industry standard best practices
• Monitor server logs, firewall logs, intrusion detection log and network traffic for unusual or suspicious activity
• Investigate security issues until resolution
• Lead efforts with other technology associates to fully secure confidential information and systems
• Oversee regular penetration testing of all systems in order to identify system vulnerabilities
• Lead security configuration determinations and participate in implementation of upgrades and changes as necessary
• Proactively recommend solutions related to security issues and opportunities
• Work with internal and external auditors to prepare documentation for audits and exams, and work with IT management to address open audit and exam findings
• Serve as a technical and procedural resource for the team in all security related areas
• Assist with information security training in the department and across the organization
• Serve as an information security point of contact in disaster recovery procedures and other measures required in the event of a security breach
• Organize and lead root cause analysis and response reviews for security issues as needed
• Report metrics to ensure accurate reporting of the cyber environment
• Document security breaches and assess the damage
• Participate in the design, configuration & deployment of information security infrastructures
• Subscribe to threat notification networks, new regulations and information sharing networks to stay current on requirements and new threats to the industry
• Build relationships across the organization to ensure efficient use of controls
• Maintain a high level of knowledge of Credit Union internal controls, compliance, laws, regulations, guidelines, policies and procedures in the area of responsibility.
• Maintain strict confidentiality regarding all non-public data and uphold the financial integrity of the Credit Union.
• Advise manager of any atypical situation that could pose a threat, risk or loss to the Credit Union
• Establish and maintain productive and effective working relationships with the Embold team.
• Perform other duties and responsibilities including departmental and individual goals and objectives as assigned.

Competencies:

• Communication / Teamwork
• Job Knowledge
• Member / Market Focus
• Analytic / Critical Thinking
• Professionalism
• Attention to Detail
• Workplace Safety

Other Expectations:

• This position is responsible for providing support to other departments/branches as needed. This could result in a temporary or permanent reassignment to another department/branch based on organizational needs.
• Advanced PC skills and aptitude in various software applications
• Understanding of local and wide area networks (LAN/WAN), Internet, electronic communication systems, telecommunications, virtualization
• Advanced understanding of information security technologies such as endpoint protection, SEIM, firewalls, VPNs, IDS/IPS, vulnerability scanning, and data loss prevention.
  • Palo Alto, Carbon Black, Tandem, GFI Langured, Nmap, Rapid7, Nessus, Wireshark, CrowdStrike, Varonis, Barracuda
• Participation in community and/or volunteering events preferred.
• Continual understanding, applied knowledge of, and adherence to the Bank Secrecy Act and all federal, state, and local financial regulations and reporting.
• Ongoing professional development – must complete the annual required courses and trainings; must meet expectations on Performance Evaluations and Behavioral Expectations.

Management Scope:

• Has no supervisory/managerial responsibilities.

Interpersonal Skills:

• A significant level of trust, credibility and diplomacy is required. In-depth dialogue, conversations and explanations with members, direct and indirect reports and outside vendors can be of a sensitive and/or highly confidential nature. Communications may involve motivating, influencing, educating and/or advising others on matters of significance. Typically includes subject matter experts as well as first level to middle managers.

Independent Judgement:

• A professional level of self-direction and autonomy is expected of this position. Diversified procedures, specialized job standards, and specific policies, as well as agreed upon objectives, deadlines and priorities limit the latitude permitted for independent judgment requiring analytical ability, judgment, and time management skills. The employee prioritizes their work-flow, carries out the successive steps and handles problems and deviations in the work assignment in accordance with instructions, policies, previous training, or accepted practices in the occupation. This can be a mid-level manager or a high individual contributor.

Mental Complexity:

• Problems encountered require analytical interpretation, evaluation and/or constructive thinking. Problems require analysis of a wide variety of data; weighing the desirability and/or probability of possible outcomes in relationship to each other. This position may address any complex issues for the department that don’t have previous precedent to draw upon.

Organizational Impact:

• The position is expected to have a notable impact on current financial or strategic organizational goals and objectives. The effects of the job could impact a segment of customers and/or employees across several functional areas. However, decisions or results that could have an organization wide impact would be preapproved by a more senior level position.

Potential for Error:

• Limited supervision and inspection of work. Errors can be difficult to detect and resolve and/or the consequences of potential errors can be of significance including, but not limited to lawsuits, lost assets or revenue of a significant value or poor external audit.

Physical Requirements:

• Perform primarily sedentary work with limited physical exertion and lifting up to 10lbs regularly; on occasion lifting up to 30lbs.
• Must be capable of climbing / descending stairs in emergency situation.
• Must be able to operate routine office equipment; e.g. computer, telephone, scanner, copier, facsimile, and calculator.
• Must be able to sit or stand for long periods of time.
• Must be able to routinely perform work on computer for an average of 6-8 hours per day.
• Must be capable of travel by automobile (as driver and passenger), commercial airlines, rental vehicles and public transportation and be able to lodge in public facilities.
• Must be capable of regular, reliable and timely attendance.

Working Conditions:

• This job operates in a professional environment.
• Days and hours of work will be established to cover office operations, typically ranging Monday through Saturday.
• Must be able to work extended hours whenever required or requested by management.
• This position may be required to travel to other branches for coverage, and to all staff meetings.
• Potential exposure to hazards, i.e. robbery, etc.

Mental and/or Emotional Requirements:

• Must be able to perform job functions independently and work effectively as part of a team.
• Must be able to plan and direct the work activities of self and others.
• Must be able to read and carry out various written and oral instructions.
• Must be able to speak clearly and deliver information in a logical and understandable sequence.
• Must be able to perform basic financial calculations with extreme accuracy.
• Must be capable of dealing calmly and professionally with numerous different personalities from diverse cultures at various levels within and outside of the organization and demonstrate highest levels of member service and discretion when dealing with the public.
• Must be able to perform responsibilities with composure under the stress of deadlines / requirements for extreme accuracy and quality and/or fast pace.
• Must be able to effectively handle multiple, simultaneous, and changing priorities.
• Must be capable of exercising highest level of discretion on both internal and external confidential matters.

Experience:

• REQUIRED: Minimum of 3 years industry related experience, and at least 1 year of direct information security monitoring and response experience.
• PREFERRED: Five years of related experience in the financial services industry and security certification (CISSP)

Education:

• REQUIRED: (1) College Degree or (2) achievement of formal certifications recognized in the industry as equivalent to a bachelor's degree (e.g. information technology certifications in lieu of a degree).
• PREFERRED: Bachelor’s Degree and/or equivalent experience plus five year in a related field.

Work Schedule

FULL-TIME – Exempt - 8:30 AM – 5:30 PM Monday thru Friday. After hours and/or weekend work may be required to support organizational needs.

Starting Pay Expectations:

Minimum to salary range midpoint of $88,310.32. Placement will generally not exceed the midpoint based on qualifications, experience, and internal equity. The full pay range is $75,063.77 to $105,972.38 annually.

How We Determine Pay:

This position is covered by the Oregon Equal Pay Act. Your salary is determined based on the experience listed in your resume that is directly related and equivalent to the position for which you are applying. It is strongly encouraged to include any transferable experience (paid or unpaid regardless of how recent) to ensure your offer is reflective of all your relevant experience.

Benefits: Here are a few of our great benefits.

Medical, Vision, and Dental- Generous PTO-401k- Education Reimbursement & Student Loan Repayment Assistance and the onsite gym at administrative headquarters.

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.