Job Description

Information Systems Security Officer

All candidates must reside within 50 miles of the Washington DC or Baltimore area.

Job Description, Requirements & Day to Day:

Information Security and Compliance: Oversee and recommend acceptable levels of risk for the credit union and ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization including on premise solutions, other modules and systems as implemented.

Proactively protect the integrity, confidentiality, and availability of information in the custody of the organization:

• Serving as the process owner of information assurance activities related to the availability, integrity and confidentiality of member and business information in compliance with regulatory requirements and the credit union’s information security policies.

• Interacting with various leaders to ensure the consistent application of policies and standards as it pertains to cyber and information security.

• Report regularly to the Executive Team and Board of Directors regarding the status of the Information Security Program and Audit at the credit union.

• Monitoring program data and access control tables and user profiles; design computer system access reports to identify possible segregation of duties, security violations, or intrusions; maintain operating system, database management system and communications system controls; adhere to application and infrastructure change, development, testing, and implementation controls.

• Ensuring the disaster recovery and business continuity processes are tested, updated, distributed as needed to protect ongoing business processes.

• Collaborating with the IT department for risk review and mitigation.

• Recommending tools to enhance APGFCU security posture.

• Providing security awareness training to employees during on-boarding.

• Conducting vulnerability assessments on a quarterly basis.

• Reviewing security documentation for new and ongoing vendors to ensure vendors have effective security controls in place.

• This position plays a key triad role with IT, Security and Compliance to ensure cross-functional collaboration results in a dynamic and robust information security protocols across the credit union.

• This position actively engages in corporate-wide strategic discussion and problem solving.

Threat Management Monitoring and Evaluation: Daily reviews of security monitoring systems, network and user activity, and emerging threats by:

• Monitoring of credit union owned security devices and security managed services to ensure appropriate review and mitigation of identified threats

• Maintaining situational awareness of all systems across the organization and its vendor ecosystem

• Maintaining an understanding of threats and threat activities

• Collecting, correlating, and analyzing security-related information

• Ensuring scheduled monitoring activities are performed daily and documented

Intellectual Property Protection:

• Determine which types of confidential information are required to be protected as well as establish and maintain policy and verify implementation of suitable encryption controls to protect such information.

Risk Assessments:

• Conduct Risk Assessments of security controls, systems, and procedures to assess their effectiveness, and working with management, identify, develop, and execute plans to maintain adequate monitoring and address information security risks.

• Perform comprehensive IT risk assessment reviews for key systems and processes.

• Conducts ongoing monitoring of Information Technology security profile and general operational controls.

• Manage and coordinate the maintenance of the Information Security Risk Assessment Framework based on IT General Controls (ITGC) best practices and Information Security Policy standards.

• Coordinate with subject matter experts and leaders to update the Information Security Risk Assessment Framework on an ongoing basis; present findings and recommendations

Policy and Procedure: Determine, develop, maintain, and publish corporate-level information security

Qualifications:

Top 3 Must Haves:

1) Experience with leading a team with vulnerability testing and implementation

2) Audits within the financial/credit union industry or similar

3) CISSP or CISM

• A bachelor's or master's degree in Computer Science, Cybersecurity, or a related field is typically required. Some positions may accept equivalent job experience in place of a degree.
• 8+ years of experience in information security or related field, with a focus on security protocols, threat detection and prevention, risk assessment and mitigation. Experience in a financial or credit union environment would be particularly beneficial.
• Knowledge and understanding of pertinent laws and regulations, such as those related to financial institutions, privacy, and data breach.
• Knowledge of Computer Networking, IT Systems, and Security Infrastructure.
• Experience with vulnerability testing and implementation.
• Knowledge of risk assessment methodologies and experience conducting comprehensive IT risk assessments.
• Proficiency in implementing and managing IT security controls.
• Ability to analyze security systems and seek improvements on a continuous basis.
• Prior experience with threat management monitoring and evaluation.
• Familiarity with web related technologies such as Web Applications, Web Services, Service Oriented Architectures, and Web Security.
• Certification like Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) is required.
• Excellent written and spoken communication skills.
• Ability to lead a team effectively.

Job Tags

Similar Jobs