The primary responsibility of the Information Security Analyst I position is to ensure the confidentiality, integrity, and availability of electronic data stored on the servers, PCs and internal network systems of the UWCU. This includes, but is not limited to, all aspects of security administration of the internal private network as well as the security of the external public network.
Must effectively carry out the essential duties of this position in a positive manner that consistently demonstrates the core values of the Organization.
1) Security Administration - 60%
a. Facilitate the day-to-day operations of the in-place security solutions.
b. Enforce established policies, procedures, and standards across all managed systems.
c. Monitor and maintain effective anti-malware protection throughout the data network.
d. Research, recommend, and ensure the timely deployment of security patches to network operating systems, applications, and devices.
e. Maintain and support the Identity Governance and Administration (IGA) system.
f. Review vulnerability scan results and ensure that identified vulnerabilities are remediated as required.
g. Review and maintain the risk register to track all unmitigated IT vulnerabilities.
h. Maintain and support Data Loss Prevention (DLP), Firewalls, IPS, IDS, email encryption, email protection, patch management, Security Information and Event Management (SIEM), password management tools, DNS filtering, threat intelligence feeds, Netflow, and multifactor authentication.
i. Deploy, maintain, and support VPN connections from telecommuters, ATMs, and 3rd-party vendors.
j. Ensure employee phishing tests are performed and conduct proper response to all phishing test failures per documented procedure.
k. Understand and utilize the tools, technologies, and techniques for creating a secure data network environment.
2) Security Analysis - 20%
a. Stay abreast of security industry trends and events that can impact the CU and financial institutions in general.
b. Maintain an in-depth and current technical knowledge of security industry trends, products, and events.
c. Review logs and reports provided by all monitored IT assets, initiate investigations into anomalous events when identified, and escalate response as needed.
d. Assist in developing “best security practice” configuration management for operating systems and networking equipment builds.
e. Identify, investigate, and resolve security incidents detected by in-place systems.
f. Provide technical assistance to incident response handlers for all phases of IR including preparation, identification, containment, eradication, and recovery.
3) Other Responsibilities - 20%
a. Assist in the research, development, and implementation of UWCU process improvements, and new products or services, by representing the department on project teams, as needed.
b. Interact with technology staff and manager to evaluate, test, and implement changes and enhancements to existing network technologies and network systems.
c. Assist with providing documentation for audit or examination related requests.
d. Become proficient in new security technologies as they develop.
e. Provide security awareness training and assistance to others as needed including members and staff.
f. Assist others in the department as appropriate, fostering teamwork and quality of service.
g. Contribute to meeting established Network Service Levels.
h. Implement automation of security processes to increase efficiencies.
i. Develop and maintain appropriate vendor and support relationships.
j. Assist in representing the IT department in UWCU-wide training.
k. Develop required documentation for all system changes in accordance with the change management policy.
l. Be an active participant in the Information Security Steering Committee meetings.
m. Perform other duties as assigned.
- Associate's degree required.
- Bachelor's degree in Computer Science or related field preferred.
- Exercises good judgment in the performance of responsibilities, requiring minimum supervision.
- Communicates effectively with both members and teammates.
- Exhibits a talent and passion for technology; is creative and resourceful in solving problems.
- Demonstrates the ability to identify organizational IT risk.
- Proven experience with maintaining security-based solutions.
- Strong understanding of the security configuration of Microsoft Windows Operating Systems, Active Directory, Microsoft SQL Server, Microsoft Exchange Server, Cisco network devices, Intrusion Detection Systems, Firewalls, and anti-malware detection systems.
- Demonstrates familiarity with security frameworks such as CIS Critical Controls, NIST, and COBIT.
- Thorough understanding of network operating systems, Internet web hosting and Internet security policies and practices in a commercial network environment.
- Familiarity with financial operations and the financial industry is strongly preferred.
- Must have strong oral and written communication skills.