Cybersecurity Administrator

Role: 

The Cybersecurity Administrator is responsible for managing relationships with high-risk IT vendors related to network, firewall, and cybersecurity management. This role involves overseeing the Managed Detection Response (MDR) vendor, administering security systems, and supporting the organization’s network and security infrastructure. Additional responsibilities include system documentation, patch management, system hardening, security assessments, disaster recovery planning, and daily security operations such as incident response, vulnerability scanning, remediation, and security event monitoring.

Essential Functions & Responsibilities: 

Vendor Management:

• Manage relationships with vendors related to network, firewall, and cybersecurity management.
• Serve as the primary contact for the corporate firewall vendor, ensuring secure configuration and managing firewall change requests with required approvals.
• Oversee the MDR vendor to ensure proper security configurations, monitoring, and reporting.
• Investigate security alerts, report risks to the Information Systems Security Officer’s Committee (ISSO), and approve low-risk network and cybersecurity vendor changes.
• Perform annual vendor assessments and maintain records in the Vendor Management System.

Vulnerability Management:

• Administer the Vulnerability Management system to identify, manage, and remediate security vulnerabilities.
• Communicate findings to ISSO and assist in remediation efforts.
• Assist with reviewing and remediating items found during vulnerability scanning both internal and external.

Security System Administration:

• Administer Anti-virus, Anti-Malware, Anti-SPAM, and Anti-Phishing systems for optimal protection.
• Develop and communicate security system status reports to ISSO.
• Manage and monitor patch management for Microsoft and third-party applications.
• Apply OS updates, configuration changes, and security hardening.
• Maintain Endpoint Protection systems, including threat detection and firewalls.
• Implement system hardening for workstations, servers, network, and mobile devices.
• Conduct internal security assessments for regulatory compliance and vulnerability identification.
• Develop and maintain website and application whitelists.
• Conduct penetration testing to assess network and internal security.
• Monitor computing environment logs and network traffic for policy violations and threats.
• Schedule cybersecurity reports and audit administrator account management.
• Maintain a cybersecurity risk assessment and execute security initiatives.
• Draft and maintain security policies and procedures.
• Implement and audit domain administration restrictions, and Group Policy application on user and computer objects.
• Review and monitor administrator account management (normal and privileged).
• Research and deploy DLP standards pertaining to products.

Network and Security Infrastructure:

• Develop and maintain user access controls and security standards.
• Implement security controls to detect and prevent cyber threats.
• Support network and security infrastructure, including PCs, servers, and applications.
• Assist in planning, implementing, maintaining, and troubleshooting security systems.

Documentation and Reporting:

• Maintain system, network and application documentation, updating as needed.
• Lead IT assessments, penetration testing, and examinations.
• Work with assessors to track security findings and remediation efforts.
• Participate in information security audits and oversee penetration testing of all networks and systems to identify system and application vulnerabilities.

Compliance and Security Awareness:

• Design and implement cybersecurity awareness programs for employees and members.
• Comply with Family Trust policies and procedures, as well as applicable laws, regulations, and statutes issued by federal agencies such as NCUA and FFIEC, including, but not limited to, GLB and BSA.

Business Continuity and Disaster Recovery:

• Participate in Business Continuity and Disaster Recovery planning and testing.
• Responsible for Annual Business Continuity testing including RPO/RTO metrics for all assets managed at corporate and co-location.

General Requirements:

• Oversee significant projects, manage high-risk vendors, and assist in security budgeting.

Knowledge and Skills: 

Experience: Five to ten years of similar or related experience in cybersecurity and networking

Education: Bachelor’s degree in Cybersecurity, Computer Science, or Information Systems, or 5 years’ experience in cybersecurity and networking. Certifications such as CISSP, Network , CCNA, Security , CEH, PenTest , and CISA are a plus. ISACA Cybersecurity Fundamentals and Practitioner certification required within 2 years of hire.

Interpersonal Skill:

• • Experience managing IT vendors and network security.
  • Strong knowledge of vulnerability management, system hardening, and endpoint protection.
  • Ability to convey technical information to non-technical stakeholders.
  • Willingness to work outside normal business hours as needed.

Other Skills:

• • Strong problem-solving and multitasking abilities.
  • Experience with disaster recovery and business continuity planning.
  • Proficiency in creating and maintaining technical documentation.

Physical Requirements: Ability to lift up to 50 lbs.