Enterprise Risk Management Information Security Analyst II - Endwell, NY

Visions Federal Credit Union, Endwell, NY
Salary: $65,000 - $90,000 | Onsite

About The Position

As an Enterprise Risk Management Analyst II – Information Security, you support all aspects of the company's Enterprise Risk Management and Enterprise Information Security and Privacy programs. You will conduct Enterprise Risk Management (ERM) risk assessments using Visions' Enterprise Risk Management tool and supporting systems. You will perform product- and process-based risk assessments using established and approved risk assessment tools and contribute to their ongoing improvement based on assessment results and practical application. Ensure that risks are assessed in alignment with Visions' governance structure (i.e., legal and industry requirements, policies, programs, procedures, standards and guidelines, information security frameworks, and audit and examination expectations). Maintain Enterprise Risk Management administrative compliance controls. Track, analyze, and report on key metrics.

Requirements

  • Bachelor’s degree in information security, cybersecurity, information technology, or a related discipline with 1-3 years of relevant experience; 4-6 years of experience may be considered in lieu of degree.
  • Proficient in the Microsoft Office Suite programs.
  • Proficient with standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines, PCs, etc.
  • Visions remains committed to the aspects of diversity and inclusion and will consider alternative education and experience.

Nice To Haves

  • Training or certificates of completion in relevant topics.
  • Knowledge of the NIST Cybersecurity Framework, the NIST information security and privacy controls (SP 800-53), the NIST Risk Management Framework (SP 800-37) and its guidelines for conducting risk assessments (SP 800-30), and the ability to apply them in an organization to reduce risk to an acceptable level.
  • Knowledge of the Payment Card Industry Data Security Standard (PCI DSS) and how to apply its requirements in an organization to maintain compliance with the standard.
  • Knowledge of, and experience using, the NCUA self-assessment tools for information security.
  • Ability to read, understand, analyze, and interpret policies, procedures, standards, legal and other documents, and professional journals.
  • Ability to take initiative to recommend and implement improvements to increase efficiency and attain higher levels of maturity.

Responsibilities

  • Perform technology and process-based risk assessments for IT hardware and software assets and for electronic and high-risk transaction products.
  • In partnership with ERM colleagues, IT and lines of business staff, as applicable, conduct risk assessments according to the schedule and the ERM program and procedures.
  • Document the operational effectiveness of controls used to mitigate the risk, and how those controls are tested.
  • Create corrective action plans as applicable.
  • Track, monitor and report on progress to ensure mitigation within target completion dates.
  • Manage risk levels in a manner consistent with Visions' governance structure.
  • Stay abreast of current and emerging threats, advisories, alerts and risks and recommend mitigations. Use these in performing technology risk assessments.
  • Participate in industry collaborative efforts to monitor, share, and discuss emerging security threats.
  • Provide recommendations on how to mature the Credit Union’s security posture.
  • Ensure that administrative controls meet external compliance requirements.
  • Maintain awareness of current, proposed and emerging security, privacy and data breach legislation and standards. Provide recommendations on how to meet current, pending or planned compliance requirements.
  • Contribute to the development of information security, privacy, and risk management training. Ensure that training aligns with established organizational information security policies and standards and with legal and industry standard requirements and guidance.
  • Participate in audits, examinations, and external risk assessments. Provide requested information, respond to recommendations, and provide status updates to support remediation efforts.
  • Understand the Credit Union’s technology systems, security controls, business processes and the teams who directly support them.
  • Help develop key risk indicators (KRIs), key performance indicators (KPIs) and other metrics. Track, monitor and report on indicators including trend analysis.
  • Understand incident response and data breach notification procedures. Participate in incident response planning, development of procedures, testing and execution of procedures.
  • Serve as the organization's recognized subject matter expert (SME) for enterprise information security risk management, and as an internal information security, privacy and IT risk management consultant. Promote a culture of information security and privacy awareness throughout the organization.
  • Provide departmental back-up coverage as needed.
  • Respond effectively to changing ideas, responsibilities, expectations, trends, strategies, and other processes.
  • Demonstrate a commitment to diversity, equity, inclusion, and belonging through continuous development, modeling inclusive behaviors, and proactively managing bias.
  • Perform other duties needed to help fulfill our mission, drive our strategy, and support our organization's values.

Benefits

  • Pension Plan
  • 401k Plan with company match
  • Excellent health benefits
  • Flexible Paid Time Off (PTO), Volunteer Time Off (VTO), and Wellness Time Off (WTO)
  • 10+ paid holidays per year
  • Lifestyle Spending Account stipend for wellness, caregiving, or personal expenses such as student loans and tuition reimbursement
  • Employee recognition program