Senior Information Security Analyst

The Senior Information Security Analyst will lead information security efforts at Tower Federal Credit Union by ensuring the confidentiality, integrity, and availability of information assets.  This role combines technical expertise with leadership capabilities, overseeing security operations, incident response, and regulatory compliance.  The Senior Analyst will play a critical role in implementing and managing advanced security technologies, conducting risk assessments, and enhancing the organization’s overall security posture.  The Senior Analyst will also mentor Analysts in the Information Security department.

Leads the day-to-day operations of Tower’s Security Operations processes including monitoring, detection, and response to security threats and incidents

Implements, manages, and monitors security tools such as SIEM, IDS/IPS, and endpoint protection to detect and respond to threats.

Analyzes security logs and alerts to identify suspicious activities, escalating incidents as necessary.

Oversees vulnerability assessments, penetration tests, and incident response activities.

Collaborates with IT teams to ensure security controls are properly integrated into infrastructure and applications.

Leads investigations of security incidents, including root cause analysis and resolution.

Develops and maintains incident response plans, procedures, and playbooks, ensuring timely and effective response to potential breaches.

Provides post-incident reports and recommendations to improve security measures.

Conducts comprehensive risk assessments to identify vulnerabilities and provide risk mitigation recommendations.

Ensures compliance with industry standards and regulations (e.g. FFIEC, NCUA, GLBA, etc.)

Collaborates with internal and external auditors to demonstrate compliance with security policies, standards, and practices.

Stays current on regulatory changes and emerging threats affecting financial institutions.

Provides guidance on the secure design and implementation of new systems, software, and third-party integrations.

Provides guidance and mentorship to junior security analysts and other team members.

Performs related duties when assigned.

Bachelor's degree in Information/Cyber Security, Information Systems or Computer Science (or related field) with a minimum of 6 years relevant work experience; Without a degree, a minimum of 9 years directly applicable work experience.

Or combination of education and related experience

Professional-level industry certification (i.e. CISSP, CISM, GIAC, etc.) preferred.

Extensive knowledge and experience with security technologies (i.e. SIEM, IDS/IPS, endpoint security, DLP, Email/Web Security, vulnerability management, etc.)

Advanced knowledge of NCUA, FFIEC, GLBA, CIS Critical Security Controls, PCI DSS, MITRE ATT&CK, NIST, and other information security frameworks.

Credit union or financial services experience preferred.

Extensive knowledge of Microsoft systems administration including Active Directory, M365/O365, Azure, etc.

Extensive knowledge of security infrastructure, principles, concepts and contemporary industry best practices.

Proficiency in analyzing logs and reports to identify and mitigate threats.

Excellent problem solving and analytical skills.

Strong written and verbal communication skills, with the ability to present technical information to non-technical stakeholders.

Ability to manage multiple priorities and work effectively under pressure.

Strong understanding of risk management and regulatory requirements for the financial services industry.

Proficiency in incident response and threat intelligence techniques.

Ability to lead and collaborate with cross-functional teams.

Ability to create and organize reports that synthesize complex information.

Ability to create and effectively present relevant and readable diagrams, graphs, charts and presentation materials, proposals, reports, business correspondence, and procedure manuals for a diverse audience.

Ability to understand and analyze financial and operational data.

Ability to read, analyze and interpret contracts, business periodicals, professional journals, government regulations, and regulatory directives to ensure Tower facilities are compliant.

Ability to effectively coach staff regarding on-the-job development

Ability to define problems, analyze data, establish facts and draw valid conclusions based upon rigorous analyses.

Ability to interpret a variety of instructions furnished in written, oral, diagram, or schedule form.

Ability to initiate long and short-term planning that supports credit union business plans, following through with successful implementation as authorized.

Ability to effectively manage multiple projects related to information security from initiation to completion (knowledge of project life cycle).

Ability to develop action plans and organize workload, of self and others, to accommodate competing deadlines and projects.

Ability to arrive at work routinely and promptly.

Ability to effectively negotiate on behalf of the organization.

Ability to motivate and influence others to take action.

Ability to facilitate group discussion and gain consensus.

Ability to maintain sensitive and confidential information.

Ability to interact effectively and professionally with colleagues and managers.

Has knowledge of and adheres to credit union policies and procedures and all regulations related to the bank Secrecy Act, the USA Patriot Act and OFAC.

Ability to work the hours needed which may extend beyond the defined work schedule when operating conditions dictate. Recurring evening and weekend work to meet deadlines; ability to respond to needs on both an ad hoc and scheduled basis.

Lifting from floor as well as table height and transporting of moderately heavy (up to 50 lbs.) objects, such as computers and peripherals, with or without accommodations in compliance with ADA.

Ability to travel independently to all TFCU facilities and designated sponsor locations as needed, with or without accommodations in compliance with ADA

Dexterity of hands and fingers to operate a computer keyboard, mouse, and to handle other computer components, with or without accommodations in compliance with ADA.