Primary Objective of Position: Provide monitoring and response to security issues as they relate to information technology in order to protect the confidentiality, integrity and availability of organizational information assets. The position requires an investigative mind and the ability to work with several tools or third parties to support technical security controls. This role reports to the Information Security Director and has regular contact with all departments and technology vendors to provide guidance on matters of information security, maintain knowledge of emerging cyber threats, share actionable intelligence and consult key stakeholders to help SPIRE Credit Union meet security objectives.

Major Duties and Responsibilities

Lead the technical vulnerability management activities – 40% of current role

• Ensure vulnerability scanning tools continually cover the entirety of network assets, showing changes and remediation
• Run scanning tools and interpret scanning results to identify treatment plans
• Identify high-risk software & firmware vulnerabilities
• Investigate vulnerabilities for known exploits
• Assist in research and remedy of failed or missing patches
• Ensure there is a rescan after changes and remediation efforts
• Monitor, track, and maintain certificates/certificate providers

Manage technical security tools – 40% of current role

• Ensure full endpoint coverage by all solutions
• Keep configurations and safeguards up to date with best practices
• Use network security monitoring tools and perform log analysis to identify abnormal behavior
• Investigate threat alerts; work with the appropriate teams to correct critical issues
• Report metrics to ensure accurate reporting of the cyber environment

Participate in cyber incident response efforts to contain, investigate and prevent future cyber security events

• Coordinate Investigations of security breaches and other cybersecurity incidents
• Document security breaches and assess the damage

Advise on best security practices as they relate to information technology resources

• Participate in the design, configuration & deployment of information security infrastructures
• Provide secure alternatives to achieve desired business results
• Offer training on technical controls affecting the security and privacy of member information

Contribute to information security assessments

• Participate in cyber/ransomware readiness assessments
• Participate in efforts with regulators and independent auditors relating to technical controls
• Participate in third-party risk management review efforts to ensure adequate security practices are in place

Update technical security-related documents

• Coordinate with the Information Security Director to create new or modify existing technical security documents

Act as technical security advisor to the institution, members and peers

• Subscribe to threat notification networks, new regulations and information sharing networks to stay current on requirements and new threats to the industry
• Build relationships across the organization to ensure efficient use of controls
• Create a robust network of diverse information security and technical professionals
• Attend continuing technical security and fraud education appropriate to the position
• Attend a certain number of company-sponsored security training/education classes including the following areas – BSA, AML, OFAC, privacy, safeguarding member information and physical security

EXPERIENCE

• 1-3 years of financial institution or other regulated industry experience
• 1-3 years of information security and information technology experience

EDUCATION/CERTIFICATIONS/LICENSES

• A bachelor’s degree in Computer Science or completion of a specialized information security course.
• IT and Microsoft Security Certifications are preferred
• Experienced in the ISO 27000 Family Framework
• Advanced PC skills and aptitude in various software applications
• Understanding of local and wide area networks (LAN/WAN), Internet, electronic communication systems, telecommunications, virtualization
• Advanced understanding of information security technologies such as endpoint protection, SEIM, firewalls, VPNs, IDS/IPS, vulnerability scanning, and data loss prevention.
  • Qualys, Rapid7, ProofPoint, BeyondTrust, Forcepoint, CrowdStrike, Varonis

INTERPERSONAL SKILLS

A significant level of trust, credibility and diplomacy is required. In-depth dialogue, conversations and explanations with customers, direct and indirect reports and outside vendors can be of a sensitive and/or highly confidential nature. Communications may involve motivating, influencing, educating and/or advising others on matters of significance.

OTHER SKILLS

• Must possess a high degree of integrity and trust with an attention to detail
• Strong oral and written communication skills
• Highly organized, efficient and able to work independently
• Ability to relate complex material in a “user-friendly” manner
• Ability to discern appropriate security measures
• Ability to prioritize and manage several projects at once and meet deadlines on projects assigned
• Ability to work professionally and courteously with fellow staff members

We are committed to hiring a breadth of diverse professionals and encourage members of diverse groups to apply. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.