Information Security Analyst (Onsite)

About The Position

Requirements

• Strong knowledge of CIS Critical Controls.
• Information security certification(s) required, such as CISSP, CISM, or CISA.
• Experience with vulnerability management and penetration testing.
• Proficiency in auditing device configurations and ensuring compliance with security benchmarks.
• Excellent analytical and problem-solving skills.
• Strong communication and presentation skills.
• Bachelor's degree or equivalent experience in Computer Science, Information Technology, or a related field.
• Minimum of 3-5 years of experience in information security or computer networking.

Nice To Haves

• Knowledge of financial institution regulatory guidance such as FFIEC or NCUA Part 748 Appendix A preferred.

Responsibilities

• Implement and audit the CIS Critical Controls to enhance the organization's security posture.
• Develop and maintain a comprehensive security program that complies with NCUA Part 748 Appendix A.
• Remediate findings from internal and external penetration tests and General Controls audits.
• Prepare and present monthly security reports to the Enterprise Information Security Committee.
• Manage vulnerabilities by identifying, assessing, and mitigating security risks.
• Audit device configurations to ensure compliance with CIS benchmarks.
• Monitor and respond to security incidents and alerts.
• Monitor for external phishing websites and domain threats and lead the take-down process.
• Conduct regular security assessments and audits to identify potential vulnerabilities and recommend corrective actions.
• Collaborate with IT System Administrators and other departments to ensure the implementation of security best practices.
• Stay up to date with the latest security trends, threats, and technologies.
• Design and implement security procedures
• Collaborate with Artic Wolf Managed Security Services Provider (MSSP) to monitor and implement security best practices.
• Monitor and respond to security events from multiple sensors including end point protection, SEIM, web filters, email and DLP protection.
• Implement data security measures to protect sensitive information from unauthorized access.
• Educate staff on cyber topics such as social engineering and phishing.
• Review 3rd party SOC reports to ensure vendor security programs meet Frontwave requirements for safeguarding sensitive information.

Benefits

• Competitive pay
• 401k matching
• mortgage and auto discounts
• 9-27 days of PTO per year (based on tenure)
• 10 paid holidays
• Affordable medical, dental, vision health plans
• Flexible Spending Account
• Employee Assistance Program with a variety of services
• Career development, training, and coaching, mentoring
• tuition reimbursement up to $4,000/year