JOB DESCRIPTION :
The Information Security Lead will report to the SVP IT and will work closely with all Information Systems department staff to assess and reduce information security risk and ensure compliance with established financial institution regulations. This role is responsible for Daily Security Alert Monitoring and Reporting, SOC, Security Information and Event Management (SIEM), Annual Risk Assessment Assistance, Quarterly Logical Access Reviews, Audit Response Assistance, Security Policy maintenance and mentoring other security team members.
The position is responsible for the operation, performance, and availability of the Credit Union's core security systems throughout the organization. He\She is also responsible for handling security systems projects of all levels of complexity. This is a Leadership position - in addition to the aforementioned operational responsibilities, this position will provide mentorship, guidance, performance monitoring, and escalated support to a team comprised of InfoSec Analysts, Administrators, and Engineers.
This position will take ownership through hands on work and from managing and supporting the enterprise security systems, including design, implementation and support of the entire security suite at PFFCU. Must possess hands on ability to execute creative solutions to complex problems. Must be able to balance the ability to work independently and concurrently be the leader of a high-performance team and keeping Senior Information Technology management fully appraised of the status of his\her projects and Security Operations.
JOB RESPONSIBILITIES :
Oversee Daily SOC dashboard maintenance and automation
Daily Security Alert and Log Monitoring (Central Log, Virus, IPS, DLP, Web Content, Secure Email, and Active Directory Changes). Assist with Monthly alert and log management reportingPeriodic security device and configuration reviewsMonthly Security Metrics / DashboardsQuarterly and semi-annual Logical Access ReviewsUtilize PFFCU's InfoSec governance risk & compliance platform to manage quarterly vulnerability reporting and remediation activities, and partner with IS team to ensure security patching is comprehensive, efficient and completed within targeted timeframesAssist with :Evaluation and suggest improvements to PFFCU's SOC and Automation systems
Supporting external and internal auditorsEvaluation and suggest improvements to PFFCU's Security Information and Event Management (SIEM) SolutionDocumentation of Security Incidents as a part of the CSIRT TeamDevelop or Maintain knowledge of :The latest NCUA and GLBA financial institution regulations
PFFCU departments and functions and effectively interface with staff at all levelsWorking with the SVP Information Technology to determine departmental prioritiesWhen appropriate, engaging outside contractors with proper technical expertiseEnsuring timely completion of projects and deploymentsMentor and monitor security staff to build a reliable, high performing infrastructure teamOther duties as assigned by the SVP Information TechnologyTECHNICAL SKILLS :
In depth working knowledge of a variety of network perimeter security technologies including :Firewalls (Cisco NGFW and PaloAlto)
Web Filter (ForcePoint)Intrusion Detection / Protection SystemsDLP - Network Based Data Loss PreventionVulnerability Scanners (Nessus)Zero Day technologies (FireEye / Trellix)Endpoint technologies (AMP, Defender, etc.)Email security technologiesWorking knowledge of Security Risk Assessment Methodology, Vulnerability Analysis and strong knowledge of SIEM technologyProject management, troubleshooting and analytical skillsProject management skills a mustExperience working with vendors on multiple levels (ordering, provisioning and engineering)Must possess effective written and verbal communication skillsMust possess knowledge of monitoring technologies\methods relating to security systemsMust possess a high level of comfort with debugging complex issuesMust possess excellent customer service skills and be able to work independently and with a team in a highly customer-focused environmentStrong understanding of all aspects of Security Systems as well as strong technical aptitude and problem-solving skills are needed to perform this job successfullyAbility to meet deadlines and concurrently manage multiple projects.JOB REQUIREMENTS :
Bachelor's Degree or equivalent related experience5 years of hands on information security engineering and administration experienceAbility to lead, mentor, and develop a high performing InfoSec TeamDemonstrated technical knowledge of perimeter security devices and configurationAbility to assess problems and situations possesses analytic ability and good judgmentDemonstrate effective business communication and technical writing skillsExperience working with third party service providersAbility to handle multiple projects at the same timeMonitor and maintain security appliances to insure the integrity of all systems from both internal and external entities.Proactively monitor security's performance and utilization and provide recommendations for improvement, upgrades, and expansion.Accurately document current and future security configuration and changes following PFFCU's change control guidelines.Provisioning and maintenance of security infrastructureProblem or Incident escalation contact including rotating afterhours supportDevelop a working knowledge of the business side of PFFCU and be able to effectively interface with staff using the technology.Strong project skills required, specifically the ability to maintain focus and complete projects with multi-month timeframesAbility to think logically and visualize abstract conceptsAbility to clearly communicate technical information to individuals at all levels of the organization and with vendorsAbility to prioritize multiple tasksAbility to work varying hours, sometimes includes evening and weekend workPFFCUBO
