IT Info/Security Manager

About The Position

Requirements

• Bachelor's Degree in Information Security, related degree, or equivalent relevant work experience.
• Certifications preferred - CISSP or other security-focused certification.
• Ability to become and remain 100% bonded.
• Minimum of 5–7 years in information security, with at least 2 years in a leadership or management capacity. Financial services experience is strongly preferred.
• Extensive experience with SIEM, IPS/IDS, Firewall, Log management and vulnerability scanning technologies.
• Investigative and analytical problem-solving skills required – very familiar with Windows, Linux, networking principles, cloud-based solutions, endpoint protection, Microsoft/Google security products and services.
• Experience performing network and application security penetration testing and/or vulnerability management, interpreting results, and remediating findings.
• Knowledge of best practice of information security, pertaining to Windows workstations and Windows Servers.
• Able to effectively manage workload in a fast-paced environment.
• Experience performing incident triage and response activities.
• Experience working as a team lead and training and mentoring teammates
• Knowledge of VPN and functioning remotely to perform all aspects for networks and systems.
• Scripting knowledge and report writing.
• Experience supporting end users
• Will quickly acquire thorough knowledge of Genisys Credit Union IT policies and procedures; including policies related to the Bank Secrecy Act (BSA), including Anti-Money Laundering.
• Experience working with BSA Manager to complete suspicious activity reports when required for items like website disruption or malicious activity that disrupts the network.

Responsibilities

• Supervise and direct activities of the information security staff.
• Research and recommend the purchase of software and hardware used for managing security systems.
• Investigate, test and install new security software applications as warranted.
• Negotiate contracts and coordinate activities with Credit Union vendors with respect to hardware upgrades, system maintenance, system monitoring and replacement.
• Remain abreast of information/cyber security technology and trends for improvements in the Credit Union’s security infrastructure.
• Develop, document and implement credit union policies related to network security.
• Maintain procedures to analyze, triage, contain, and eradicate malicious activity.
• Monitor user adherence of Credit Union security policies
• Lead the development of processes and procedures to improve incident response times, accurate analysis of incidents.
• Maintain regular contact with all departments to obtain information about possible security risks.
• Proactively communicates all incidents and possible security violations to the CIO and IT Security Committee.
• Oversee programs for risk assessment, threat modeling, vulnerability management, and incident prevention.
• Perform routine risk assessments and execute tests of data processing systems to ensure functioning of data processing security measures.
• Be the IT lead on external audits/exams working with 3rd party partners and the NCUA and State of Michigan ensuring these partners get the documentation they need to complete their audits.
• Maintain effective professional relations with vendors and service providers.
• Ensure strict compliance with relevant standards and regulations.  These include NCUA (National Credit Union Administration) regulations, GLBA (Gramm Gramm-Leach-Bliley Act), and other state/federal mandates
• Maintain a detailed incident response plan and conduct yearly table top testing.
• Serve as the IT lead for the Incident Response Team (IRT). Manage the lifecycle of a breach or security event, from detection to post-mortem analysis.
• Lead enterprise IT risk assessments.
• Ensure compliance with frameworks and requirements such as NIST.
• Evaluate the security posture of third-party vendors (FinTech partners, core processors) to ensure they meet the credit union’s security standards.
• Plans and implements any security upgrades or workstation and servers on the network.  Schedule critical systems downtime during non-business hours and weekends for least impacting to users and members.
• Setup, configure and support internal and external network security devices.
• Investigate, test and install new security software applications as warranted.
• Lead in the development and implementation of security best practices and users appropriate use.
• Lead detailed risk analysis and risk assessment to identify, mitigate, and control risks to infrastructure, information systems, and data; advocate security and risk management to key stakeholders in order to balance security and business needs.
• Setup, configure, and support the patch management software and maintain documentation.
• Setup, configure, and support the vulnerability management software and maintain documentation.
• Setup, configure, and support the SIEM log management and maintain documentation.
• Works closely with the CIO to develop, document and implement policies related to support, security, and maintenance of all facets of the security infrastructure.
• Assist with ongoing security awareness programs educating users with proper security practices.
• Perform other duties, as assigned by management