Cyber Security Analyst

Description

PRIMARY OBJECTIVE OF POSITION

Assist in protecting credit union technology assets and confidential data.  Utilize analytics to assess system security and potential vulnerabilities and risks.  Maintain system security following credit processes, procedures, and change management practices.  Assist in implementation of new technologies and processes necessary to enhance security capabilities.  Work with Information Technology staff and other essential credit union staff to quickly document and remediate identified vulnerabilities.

ESSENTIAL JOB FUNCTIONS

• Utilize outside business partners and internal security systems to perform regular system risk assessments, penetration tests, social engineering, and vulnerability assessments.
  • Produce reports and disseminate report summaries
  • Track and report risk mitigation progress.
• Analyze all security reports and logs to,
  • identify anomalies or risks
  • identify security breaches or policy violations
  • ensure compliance
• Work with process, systems and other asset owners to help identify and catalog high value assets, assess threats and vulnerabilities to determine risk, understand security and compliance posture, and drive risk treatment activities.
• Utilize services such as CIS Benchmarks to establish and implement system and application security benchmarks.
• Help to implement and integrate cyber risk management practices and capabilities across the organization.
• Participate in change management program to ensure that changes are in line with security guidance and benchmark expectations.
• Enhance tooling that will support risk management capabilities and processes across the organization.
• Provide input and execute on various risk management processes such as risk mapping.
• Help to develop and enhance risk management capabilities.
• Utilize report findings to notify appropriate personnel following incident response policy.
• Assist with maintenance of administered hardware including, but not limited to:
  • Physical installation of new hardware
  • system utilization and efficiency
  • firmware updates and patches
  • system configuration changes and upgrades
• Document all identified technology risks and resulting remediation actions following incident response procedures and policies.
• Document all security systems, applications, and configuration and any changes to those systems.
• Follow proper change management practices and testing procedures.
• Maintain knowledge of managed systems and environment thru approved training opportunities.
• Participate in departmental on call scheduling as well as weekly maintenance window schedules.
• All other duties as assigned.

RELATIONSHIPS AND CONTACTS

Reports to:  Vice President of Information Security

Contacts:  Frequent contact with other employees, departments, and outside vendors.  Some contact with members.

Qualifications

EDUCATION

• Associate degree from an accredited college or university or 64 college credit hours.  Commensurate IT experience will be considered in lieu of degree.
• Must possess and maintain, at minimum, CompTIA Security certification or be able to acquire within the first year of employment.

EXPERIENCE

• Three (3) years total IT experience with one (1) year experience in analytics.

PHYSICAL REQUIREMENTS

• Position involves wrist/hand manipulation; good visual acuity for detail work; ability to bend stoop on a regular basis; reach overhead and lift up to 50 pounds.
• Vision abilities required by this job include close vision for frequent viewing of computer monitor and review of documents.
• Must possess a valid Texas driver’s license, means of transportation and be able to travel independently and work after normal business hours, when requested by management.

MENTAL REQUIREMENTS

• Must be able to perform job functions independently or with limited supervision and work effectively either on own or as part of a team.
• Must have a strong ability to read and carry out various written instructions and follow oral instructions.
• Must have a strong ability to speak clearly and deliver information in a logical and understandable sequence.
• Must be capable of dealing calmly and professionally with numerous different personalities from diverse cultures at various levels within and outside of the organization and demonstrate highest levels of customer service and discretion when dealing with the public.
• Must be able to perform responsibilities with composure under the stress of deadlines / requirements for extreme accuracy and quality and/or fast pace.
• Must be able to effectively handle multiple, simultaneous, and changing priorities.
• Must be capable of exercising highest level of discretion on both internal and external confidential matters.

TECHNICAL SKILLS

• PC’s and printers, telecommunications equipment, calculator, fax and copy machine. 
• Must possess the ability to collect, examine, and process raw data into meaningful reports.  Must understand networking and network design, IT security architecture, Microsoft Operating systems and Microsoft applications. 
• Prior experience with enterprise security applications, security appliances, Citrix, and Microsoft Office 365 are a plus.

I acknowledge that I have received, read, and understand this Job Description.  I agree to perform to the best of my abilities the functions and duties described herein, with or without reasonable accommodation.  I understand that this Job Description does not constitute an employment contract or alter my "at-will" employment status.  I further understand that the duties and responsibilities described in this Job Description are subject to change or modification, as determined by management, and that I am responsible for performing any job duties, or other tasks, and responsibilities that may be assigned, and/or directed by management.