Security Administrator

About The Position

Requirements

• Bachelor’s degree (BA or BS) from an accredited four-year college or university is preferred however equivalent combination of education, experience, certification, and training may be considered in lieu of degree requirements.
• One (1) year to three (3) years of progressive work experience in information security and/or related field(s).
• Experience within the financial industry preferred but not required.
• Ability to read, analyze, interpret, and communicate regulatory information and technical procedures relating to credit union operations.
• Ability to write reports, business correspondence and procedure manuals.
• Ability to effectively present information and respond to questions from groups of managers, directors, employees, and members as required.
• Ability to add, subtract, multiply, and divide in using whole numbers, common fractions, and decimals.
• Ability to define problems, collect data, establish facts, and draw valid conclusions.
• Ability to interpret an extensive variety of regulatory and technical instructions in several abstract and concrete variables.
• Strong understanding of security processes relating to firewalls, intrusion detection systems, data encryption, device hardening, access controls, and cloud application implementations are required.
• Demonstrated abilities in the identification, analysis, and assessment of system logs, monitoring alerts, threat hunting, and the ability to work with a third-party security provider to investigate events.
• Demonstrated knowledge of Microsoft Office365 suite, specifically Excel, Word, and PowerPoint.
• Ability to communicate verbally and in writing with others is essential.
• Requires the ability to work in a collaborative team environment.

Nice To Haves

• Professional certifications are a plus (CISA, CompTIA A+, Network+, Security +)

Responsibilities

• Participate and contribute to activities necessary to maintain an effective and efficient Information Security Program, designed to mitigate risk and support the organization’s business goals and objectives.
• Develop, configure, maintain, and monitor a security infrastructure for both on-premises, vendor hosted applications, and public hosted environments (Azure, Amazon Web Services, and Google) while supporting the organization’s disaster recovery and business resumption plans.
• Develop, implement, maintain, and oversee the enforcement of Credit Union policies, and procedures for system security administration and user system access based on industry-standard best practices.
• Develop, implement, maintain, and oversee a Vulnerability Management Program that identifies, assesses, prioritizes, and coordinates remediation of security vulnerabilities across enterprise systems, applications, and networks.
• Deploy, manage, and maintain security systems on premises and in the cloud, and their corresponding or associated software, including intrusion detection systems, application whitelisting, and anti-virus software.
• Develop, implement, maintain, and oversee a Security Awareness Training Program that educates employees on cybersecurity risks, safe handling of member information, phishing prevention, password security, and compliance expectations to help protect the credit union’s systems, data, and members.
• Monitor and review security alerts, examining network traffic for unusual or suspicious activities. Interpret activity and investigate any noted irregularities and make recommendations for resolution.
• Participate and provide guidance for security reviews related to vendor management onboarding processes, vendor management ongoing security reviews, and annual risk assessments.
• Participate and execute security, vulnerability, and penetration assessments in partnership with regulators and external security firms, as well as performing necessary internal security evaluations and remediation activities.
• Collaborate with stakeholders to assess and analyze business unit security operations ensuring governance compliance and making security recommendations that best support the organization’s strategic objectives.
• Recommend, schedule, and perform security improvements, upgrades, and assess the need for any security reconfigurations and execute them if required. Conduct research on emerging products, services, protocols, and standards in support of strategic security enhancement and development efforts.
• Keep abreast of current information security technologies, industry developments; maintain certifications and attend professional courses and seminars as required to support the organization.
• Participate as a member of the Incident Response and Disaster Recovery teams, participating as a key team member investigating and remediating information security incidents.
• Performs other duties and responsibilities as assigned.