245 IT Security Architect Job Purpose: IT Security performs information technology risk assessments, develops information security policy and strategy and executes operations and processes required to maintain the confidentiality, integrity, availability and accountability for all aspects of safeguarding or protecting information or data, in whatever form, for CUNA Mutual Group and its subsidiaries. The IT Security Architect is dedicated to providing operational, tactical support and stragic direction required to support technology and processes in the IT Security department. The primary objective of this role is to perform the strategic work necessary for the implementation of IT Security systems and software. The secondary function of this role is to perform the tactical work necessary for the planning and control of IT Security systems and software. The tertiary function of this role is to participate in operational support when an event is escalated. Job Responsibilities: 30% 1. Technical Consulting: Present information in area of subject matter expertise as required. Complete risk assessments as required. Develop and manage technical security standards. 20% 2. Project Participation: Provide IT Security guidance through all phases of a project when identified as a necessary resource. 20% 3. Project Leadership: Under the guidance of IT Security management lead projects to design/build/run, improve or maintain software, systems and processes in the IT Security department. 10% 4. Product Management: Gather customer requirements, negotiate service level agreements and develop availability plans. Monitor system/software performance and utilization and carry out improvements to achieve the agreed upon service levels. Define and document routine procedures, configuration parameters, batch processes and scheduled maintenance for systems and software. Perform testing, quality assurance and schedule changes for non-routine updates and upgrades to systems and software. Develop recovery plans to restore services. Guide and monitor staff in the completion of delegated tasks in the accomplishment of the above. 10% 5. Research & Development: Under the guidance of IT Security management: Make inquiries and investigate when needed for requests which requires additional information. Set and pursue development goals for certifications and continued education in IT Security. For the purpose of improving service delivery research new or existing technologies which are directly within scope of the work being done in this role. 5% 6. Operational Support: In accordance with service level agreements act as a single point of contact to monitor, screen and respond to alerts and reports of incidents or problems. Enter and maintain records, follow up on and provide status reports of all events. Provide timely notification of critical events to IT Security management and staff. Direct subordinate staff to coordinate response if event is escalated. Escalate when necessary. 5% 7. Software Programming/Systems Configuration: Follow documented procedures to enter data and/or configuration specifications to augment or maintain the operational status of IT Security systems and software. Follow documented procedures to execute tasks to perform scheduled maintenance, batch processes and documented procedures for the routine support of IT Security systems and software. Guide and monitor subordinate staff in the completion of these tasks. 5% 8. Operational Support: In accordance with service level agreements act as a single point of contact to monitor, screen and respond to alerts and reports of incidents or problems. Enter and maintain records, follow up on and provide status reports of all events. Provide timely notification of critical events to IT Security management and staff. Direct subordinate staff to coordinate response if event is escalated. Escalate when necessary. 9. The above statement of duties is not intended to be all inclusive and other duties will be assigned from time to time. Job Requirements: 1. Bachelor of Science degree in CS/MIS or equivalency in education and related professional experience. 2. Seven years of demonstrated proficiency with an Information Security Audit, Identity Management or Architecture focus in a business environment with the most recent 24 months at Level III or comparable, professional experience. 3. Proven ability to clearly and effectively communicate business and technical information, both verbally and in writing. 4. Proven ability to provide a high level of customer service. 5. Comprehensive knowledge of the CISSP Common Body of Knowledge. 6. Demonstrated working knowledge of information security concepts in at least (12) of the following: digital forensics; cryptography; incident response; managed security services; web, url, mobile code filtering; network security; patch, configuration management; penetration testing; spyware, anti-virus, anti-worm detection; vulnerability management; web, e-commerce security; wireless, mobile security; security information management; OS, platform security; application development security; database security; end-point security; business continuity, disaster recovery; e-mail security; storage security; access control software; strong authentication; pki, digital signatures, certificate authorities; identity management, entitlement, authorization; password management, provisioning, single sign-on; audit & compliance; security policy; risk management; software development lifecycle, systems development lifecycle 7. Proof of technical certifications, training and professional experience in (8) technologies currently deployed at CUNA Mutual Group in Identity Management or IT Security. 8. (4) Professional certifications in one of the following programs: SANS Global Information Assurance Certification ISC2 ISACA Job Analysis: 1. What is the average amount of time on the job for a new incumbent, who meets all minimum requirements, to learn most aspects of this position. 12 months 2. Identify and describe this position’s most typical challenges or problems. • Incident handling involves processing alerts and reports of events. • Problem resolution is the handling of system and software failures and the identification of root cause. This may include recommending changes. • Tracking and monitoring is the process which documents and records events for incident handling and problem resolution processes. • Product Management is the tactical support of IT Security solutions. • Project Leadership is required to improve and maintain IT Security systems and software. • Prioritization is necessary to ensure configuration and maintenance occurs, service levels are met and critical systems are assigned priority. • Communication is required for the necessary recordkeeping and verbal communication to the business. • Workflow requires that the necessary tollgates, procedures, notifications and recordkeeping occur. • Collaboration is necessary in situations where technical consulting and project participation are requested. 3. Identify and describe this positions’ most complex duties and challenges or problems. • Developing and using influencing skills in a project leadership role. • Communicating security principles to the business. • Sustaining a resolute security posture based on industry best practices. • Technical acumen and development in systems and software IT Security. • Acquisition of subject matter expertise in IT Security. 4. Training and Workflow Direction: (check one). • ( ) Position does not conduct training or give workflow direction to other staff in own work area. • (X) Position does conduct training or give workflow direction to other staff in own work area or customers on a regular basis: A. X Training: 5% of time spent training on a ___ daily or X weekly basis To the following positions: Number Grade Classification Title(s) ** 230 IT Security Analyst ** 235 IT Security Senior Analyst ** 240 IT Security Engineer B. X Work flow direction: 5% of time spent providing workflow direction on a ___ daily or X weekly basis To the following positions: Number Grade Classification Title(s) ** 230 IT Security Analyst ** 235 IT Security Senior Analyst ** 240 IT Security Engineer 5. Job Impact/Nature of Work: The IT Security Architect is dedicated to providing operational, tactical and strategic direction in order to maintain technology and processes in the IT Security department. This role requires the ability to design/build/run security technologies, define workflow and execute projects with limited oversight by management. This role has decision making responsibility and will be required to improvise and adjust to prioritize initiatives. Discretion, clear communication, competence and self-direction are required for all aspects of the role. Oversight of approach, capability and quality of work will reside with IT Security Management and be facilitated by feedback from staff and clients. Analysis and good judgement are required in the performance of the duties associated with this role in order to guide and mentor staff and lead project teams. Failure to perform due diligence in the selection and management of security solutions will escalate total cost of ownership for software and systems as well as create problematic and difficult to support infrastructure. Failure to meet service levels or respond quickly to alerts or reports of events could lead to data loss or compromise, denial of service to systems and/or loss of customer confidence. The financial impact of these failures could be in multiples of $1000.00 with an estimated average cost of a security event at $21,000.00 as of 11-21-2005. 6. Internal/External Contacts: • Both email and voice communication within IT will be necessary to provide notification, status updates on events and technical consulting. • Email and voice communication will be required to communicate with third parties for incident response. • This role will be required to contact third parties for systems or software problem resolution. • Communication with management and business leaders will be required. 7. Are there any unusual physical conditions surrounding your work that can be considered disagreeable (such as heat, cold, wet, fumes, noise, etc.) and/or are you exposed to any accident and health hazards? If so, please give examples and occurrence frequency. • On-call rotation required for 24x7 coverage. • More than average keyboarding required for data entry and business communications. 8. Additional Comments: The information in the above questionnaire is not intended to be all inclusive. However, it should detail the key aspects regarding the position involved. HR Compensation use only: Reviewed By: Date: Criteria for Job Advancement: CRITERIA FOR JOB ADVANCEMENT: Date: 1/23/2006 The following career ladder is being established for the IT Security Analyst position in the IT Security Department, comprised of 4 levels. Once the criteria for advancement is met, the incumbent may be considered for promotion to the next level in the career ladder if a business need for another position at a higher level exists and at management's discretion, as it relates to the following criteria: A. CRITERIA FOR ACCEPTABLE PERFORMANCE AT LEVEL I: 1. Satisfactory performance in all Level I duties. 2. Demonstrate a satisfactory level of fundamental knowledge and understanding of the operational support and performance of documented routine tasks required to support technology and processes in the IT Security department. 3. Demonstrate satisfactory verbal and written communication skills, team effort, and customer service skills with policyholder credit unions, co-workers and other parties. 4. Demonstrate a satisfactory level of productivity, quality, creativity, and reliability in the performance of the work necessary to maintain operational excellence for IT Security systems and software. B. CRITERIA FOR CONSIDERATION FOR ADVANCEMENT FROM LEVEL I TO LEVEL II: 1. Demonstration of a commendable level of proficiency in all Level I job duties including quality of work, productivity, initiative and job knowledge as it relates to the performance of the work necessary to maintain operational excellence for IT Security systems and software. 2. Demonstration of a commendable level of dependability, attendance, and contribution to team effort. 3. Demonstration of a commendable level of verbal and written communications skills, creative skills, and customer service skills in operational support situations. 4. Successful completion of professional certifications, training and professional experience and working knowledge in CISSP Common body of Knowledge and information security concepts as listed in the minimum requirements for Level II. 5. Completion of at least 24 months at Level I or a comparable work experience. 6. Completion of sufficient cross training in Level II work to indicate the ability to perform adequately at that level. 7. Demonstration of the desire and capability to assume the more responsible duties of Level II. C. CRITERIA FOR ACCEPTABLE PERFORMANCE AT LEVEL II: 1. Satisfactory performance in all Level II duties. 2. Demonstrate a satisfactory level of developed knowledge for the performance of the work necessary to maintain operational excellence for IT Security systems and software, to perform the tactical work necessary for the planning and control of IT Security systems and software, and for providing subject matter expertise for projects and technical consulting as needed. 3. Demonstrate satisfactory verbal and written communication skills, team effort, and customer service skills with policyholder credit unions, co-workers, and other parties. 4. Demonstrate a satisfactory level of productivity, quality, creativity, and reliability in providing operational support in the performance of documented routine tasks required to support technology and processes in the IT Security department. D. CRITERIA FOR CONSIDERATION FOR ADVANCEMENT FROM LEVEL II TO LEVEL III: 1. Demonstration of a commendable level of proficiency in all Level II job duties including quality of work, productivity, job knowledge, and initiative as it relates to providing operational support in the performance of documented routine tasks required to support technology and processes in the IT Security department. 2. Demonstration of a commendable level of dependability, attendance, and contribution to team effort. 3. Demonstration of a commendable level of verbal and written communication skills, creative skills, and customer service skills in operational support duties, technical consulting and project participation situations. 4. Successful completion of professional certifications, training and professional experience and working knowledge in CIPPS Common body of Knowledge and information security concepts as listed in the minimum requirements for Level III. 5. Completion of at least 24 months years experience at Level II or comparable work experience. 6. Completion of sufficient cross-training in Level III work to indicate the ability to perform adequately at that level. 7. Demonstration of the desire and capability to assume the more responsible duties of Level III. 8. Demonstrated leadership potential in working with Level I and Level II personnel. E. CRITERIA FOR ACCEPTABLE PERFORMANCE AT LEVEL III: 1. Satisfactory performance in all Level III job duties. 2. Demonstrate a satisfactory level of in-depth knowledge and understanding of performance of the tactical work necessary for the planning and control of IT Security systems and software, operational support and function as a subject matter expert for projects and technical consulting as required. 3. Demonstrate a satisfactory level of verbal and written communications skills, team effort, and customer service skills with policyholder credit unions, co-workers, and other parties. 4. Demonstrate a satisfactory level of productivity, quality, creativity, and reliability in providing the operational and tactical support required to support technology and processes in the IT Security department. 5. Demonstrate a satisfactory level of leadership in assisting management in training and providing technical assistance to Level I and Level II personnel. F. CRITERIA FOR CONSIDERATION FOR ADVANCEMENT FROM LEVEL III TO LEVEL IV - IT SECURITY ARCHITECT 1. Demonstration of a commendable level of proficiency in all Level III job duties including quality of work, productivity, job knowledge, and initiative as it relates to providing the operational and tactical support required to support technology and processes in the IT Security department. 2. Demonstration of a commendable level of dependability, attendance, and contribution to team effort. 3. Demonstration of a commendable level of verbal and written communication skills, creative skills, and customer service skills in operational support duties, technical consulting and project participation situations. 4. Successful completion of professional certifications, training and professional experience and working knowledge in CIPPS Common body of Knowledge and information security concepts as listed in the minimum requirements for Level IV. 5. Completion of at least 24 months experience at Level III or comparable work experience. 6. Completion of sufficient cross-training in Level IV work to indicate the ability to perform adequately at that level. 7. Demonstration of the desire and capability to assume the more responsible duties of Level IV. 8. Demonstrated leadership potential in working with Level I, Level II Level III personnel. Physical Job Analysis: While performing the duties of this job, the employee is regularly required to sit, stand, write and operate a computer keyboard, standard office equipment and telephone. The employee is frequently required to move about and reach for items. The employee may occasionally lift and/or move up to 10 pounds. The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. 240 Job Purpose: IT Security performs information technology risk assessments, develops information security policy and strategy and executes operations and processes required to maintain the confidentiality, integrity, availability and accountability for all aspects of safeguarding or protecting information or data, in whatever form, for CUNA Mutual Group and its subsidiaries. The IT Security Engineer is dedicated to providing operational and tactical support required to support technology and processes in the IT Security department. The primary objective of this role is to perform the tactical work necessary for the planning and control of IT Security systems and software. The secondary function of this role is to provide operational support. The tertiary function of this role is to act as a subject matter expert for projects and technical consulting as required. Job Responsibilities: 25% 1. Operational Support: In accordance with service level agreements act as a single point of contact to monitor, screen and respond to alerts and reports of incidents or problems. Enter and maintain records, follow up on and provide status reports of all events. Provide timely notification of critical events to IT Security management and staff. Direct subordinate staff to coordinate response if event is escalated. Escalate when necessary. 25% 2. Product Management: Gather customer requirements, negotiate service level agreements and develop availability plans. Monitor system/software performance and utilization and carry out improvements to achieve the agreed upon service levels. Define and document routine procedures, configuration parameters, batch processes and scheduled maintenance for systems and software. Perform testing, quality assurance and schedule changes for non-routine updates and upgrades to systems and software. Develop recovery plans to restore services. Guide and monitor staff in the completion of delegated tasks in the accomplishment of the above. 20% 3. Software Programming/Systems Configuration: Follow documented procedures to enter data and/or configuration specifications to augment or maintain the operational status of IT Security systems and software. Follow documented procedures to execute tasks to perform scheduled maintenance, batch processes and documented procedures for the routine support of IT Security systems and software. Guide and monitor subordinate staff in the completion of these tasks. 10% 4. Research & Development: Under the guidance of IT Security management: Make inquiries and investigate when needed for requests which requires additional information. Set and pursue development goals for certifications and continued education in IT Security. For the purpose of improving service delivery research new or existing technologies which are directly within scope of the work being done in this role. 10% 5. Technical Consulting: Present information in area of subject matter expertise as required. Develop technical security standards. 5% 6. Project Participation: Provide IT Security guidance through all phases of a project when identified as a necessary resource. 5% 7. Project Leadership: Under the guidance of IT Security management direct projects to design/build/run, improve or maintain software, systems and processes in the IT Security department. 8. The above statement of duties is not intended to be all inclusive and other duties will be assigned from time to time. Job Requirements: 1. Bachelor of Science degree in CS/MIS or equivalency in education and related professional experience. 2. Five years of demonstrated proficiency with an Information Security Audit, Identity Management or Architecture focus in a business environment with most recent 24 months at Level II or comparable, professional experience. 3. Proven ability to clearly and effectively communicate business and technical information, both verbally and in writing. 4. Proven ability to provide a high level of customer service. 5. Demonstrated working knowledge in the (6) listed areas of the CISSP Common Body of Knowledge: Access Control Systems and Methodology, Cryptography; Operations Security, Physical Security, Security Architecture and Models, Network and Internet Security 6. Demonstrated working knowledge of information security concepts in at least (8) of the following: digital forensics; cryptography; incident response; managed security services; web, url, mobile code filtering; network security; patch, configuration management; penetration testing; spyware, anti-virus, anti-worm detection; vulnerability management; web, e-commerce security; wireless, mobile security; security information management; OS, platform security; application development security; database security; end-point security; business continuity, disaster recovery; e-mail security; storage security; access control software; strong authentication; pki, digital signatures, certificate authorities; identity management, entitlement, authorization; password management, provisioning, single sign-on; audit & compliance; security policy; risk management; software development lifecycle, systems development lifecycle 7. Proof of technical certifications, training and professional experience in (6) technologies currently deployed at CUNA Mutual Group in Identity Management or IT Security. 8. (2) Professional certifications in one of the following programs: SANS Global Information Assurance Certification ISC2 ISACA Job Analysis: 1. What is the average amount of time on the job for a new incumbent, who meets all minimum requirements, to learn most aspects of this position. • 12 months 2. Identify and describe this position’s most typical challenges or problems. • Incident handling involves processing alerts and reports of events. • Problem resolution is the handling of system and software failures and the identification of root cause. This may include recommending changes. • Tracking and monitoring is the process which documents and records events for incident handling and problem resolution processes. • Product Management is the tactical support of IT Security solutions. • Project Leadership is required to improve and maintain IT Security systems and software. • Prioritization is necessary to ensure configuration and maintenance occurs, service levels are met and critical systems are assigned priority. • Communication is required for the necessary recordkeeping and verbal communication to the business. • Workflow requires that the necessary tollgates, procedures, notifications and recordkeeping occur. • Collaboration is necessary in situations where technical consulting and project participation are requested. 3. Identify and describe this positions’ most complex duties and challenges or problems. • Developing and using influencing skills in the service delivery and project leadership roles. • Sustaining a resolute security posture based on industry best practices. • Technical acumen and development in systems and software IT Security. • Acquisition of subject matter expertise in IT Security. 4. Training and Workflow Direction: (check one). • ( ) Position does not conduct training or give workflow direction to other staff in own work area. • (X) Position does conduct training or give workflow direction to other staff in own work area or customers on a regular basis: A. X Training: 5% of time spent training on a ___ daily or X weekly basis To the following positions: Number Grade Classification Title(s) ** 230 IT Security Analyst ** 235 IT Security Senior Analyst B. X Work flow direction: 5% of time spent providing workflow direction on a ___ daily or X weekly basis To the following positions: Number Grade Classification Title(s) ** 230 IT Security Analyst ** 235 IT Security Senior Analyst 5. Job Impact/Nature of Work: The IT Security Engineer is dedicated to providing operational, tactical and some strategic support in order to maintain technology and processes in the IT Security department. This role requires the ability to follow workflow and execute tasks independently. With the guidance of IT Security Management this role has decision making responsibility and will be required to improvise. Competence and self-direction are required for aspects of the role which require technical consulting, project participation and project leadership. Oversight of the roles capability and quality of work will reside with IT Security Management and be facilitated by feedback from staff and clients. Analysis and good judgment are necessary in the performance of this role in order to properly prioritize tasks and use appropriate risk analysis to determine approach and next steps for incident response and problem resolution and notification; as well as provide direction to staff; and due diligence in the selection of security solutions. Failure to meet service levels or respond quickly to alerts or reports of events could lead to data loss or compromise, denial of service to systems and/or loss of customer confidence. The financial impact of these failures could be in multiples of $1000.00 with an estimated average cost of a security event at $21,000.00 as of 11-21-2005. Failure to perform due diligence in the selection and management of security solutions will escalate total cost of ownership for software and systems as well as create problematic and difficult to support infrastructure. 6. Internal/External Contacts: • Both email and voice communication within IT will be necessary to provide notification, status updates on events and technical consulting. • Email and voice communication will be required to communicate with third parties for incident response. • This role will be required to contact third parties for systems or software problem resolution. 7. Are there any unusual physical conditions surrounding your work that can be considered disagreeable (such as heat, cold, wet, fumes, noise, etc.) and/or are you exposed to any accident and health hazards? If so, please give examples and occurrence frequency. • On-call rotation required for 24x7 coverage. • More than average keyboarding required for data entry and business communications. 8. Additional Comments: The information in the above questionnaire is not intended to be all inclusive. However, it should detail the key aspects regarding the position involved. HR Compensation use only: Reviewed By: Date: Criteria for Job Advancement: CRITERIA FOR JOB ADVANCEMENT: Date: 1/23/2006 The following career ladder is being established for the IT Security Analyst position in the IT Security Department, comprised of 4 levels. Once the criteria for advancement is met, the incumbent may be considered for promotion to the next level in the career ladder if a business need for another position at a higher level exists and at management's discretion, as it relates to the following criteria: A. CRITERIA FOR ACCEPTABLE PERFORMANCE AT LEVEL I: 1. Satisfactory performance in all Level I duties. 2. Demonstrate a satisfactory level of fundamental knowledge and understanding of the operational support and performance of documented routine tasks required to support technology and processes in the IT Security department. 3. Demonstrate satisfactory verbal and written communication skills, team effort, and customer service skills with policyholder credit unions, co-workers and other parties. 4. Demonstrate a satisfactory level of productivity, quality, creativity, and reliability in the performance of the work necessary to maintain operational excellence for IT Security systems and software. B. CRITERIA FOR CONSIDERATION FOR ADVANCEMENT FROM LEVEL I TO LEVEL II: 1. Demonstration of a commendable level of proficiency in all Level I job duties including quality of work, productivity, initiative and job knowledge as it relates to the performance of the work necessary to maintain operational excellence for IT Security systems and software. 2. Demonstration of a commendable level of dependability, attendance, and contribution to team effort. 3. Demonstration of a commendable level of verbal and written communications skills, creative skills, and customer service skills in operational support situations. 4. Successful completion of professional certifications, training and professional experience and working knowledge in CISSP Common body of Knowledge and information security concepts as listed in the minimum requirements for Level II. 5. Completion of at least 24 months at Level I or a comparable work experience. 6. Completion of sufficient cross training in Level II work to indicate the ability to perform adequately at that level. 7. Demonstration of the desire and capability to assume the more responsible duties of Level II. C. CRITERIA FOR ACCEPTABLE PERFORMANCE AT LEVEL II: 1. Satisfactory performance in all Level II duties. 2. Demonstrate a satisfactory level of developed knowledge for the performance of the work necessary to maintain operational excellence for IT Security systems and software, to perform the tactical work necessary for the planning and control of IT Security systems and software, and for providing subject matter expertise for projects and technical consulting as needed. 3. Demonstrate satisfactory verbal and written communication skills, team effort, and customer service skills with policyholder credit unions, co-workers, and other parties. 4. Demonstrate a satisfactory level of productivity, quality, creativity, and reliability in providing operational support in the performance of documented routine tasks required to support technology and processes in the IT Security department. D. CRITERIA FOR CONSIDERATION FOR ADVANCEMENT FROM LEVEL II TO LEVEL III: 1. Demonstration of a commendable level of proficiency in all Level II job duties including quality of work, productivity, job knowledge, and initiative as it relates to providing operational support in the performance of documented routine tasks required to support technology and processes in the IT Security department. 2. Demonstration of a commendable level of dependability, attendance, and contribution to team effort. 3. Demonstration of a commendable level of verbal and written communication skills, creative skills, and customer service skills in operational support duties, technical consulting and project participation situations. 4. Successful completion of professional certifications, training and professional experience and working knowledge in CIPPS Common body of Knowledge and information security concepts as listed in the minimum requirements for Level III. 5. Completion of at least 24 months years experience at Level II or comparable work experience. 6. Completion of sufficient cross-training in Level III work to indicate the ability to perform adequately at that level. 7. Demonstration of the desire and capability to assume the more responsible duties of Level III. 8. Demonstrated leadership potential in working with Level I and Level II personnel. E. CRITERIA FOR ACCEPTABLE PERFORMANCE AT LEVEL III: 1. Satisfactory performance in all Level III job duties. 2. Demonstrate a satisfactory level of in-depth knowledge and understanding of performance of the tactical work necessary for the planning and control of IT Security systems and software, operational support and function as a subject matter expert for projects and technical consulting as required. 3. Demonstrate a satisfactory level of verbal and written communications skills, team effort, and customer service skills with policyholder credit unions, co-workers, and other parties. 4. Demonstrate a satisfactory level of productivity, quality, creativity, and reliability in providing the operational and tactical support required to support technology and processes in the IT Security department. 5. Demonstrate a satisfactory level of leadership in assisting management in training and providing technical assistance to Level I and Level II personnel. F. CRITERIA FOR CONSIDERATION FOR ADVANCEMENT FROM LEVEL III TO LEVEL IV - IT SECURITY ARCHITECT 1. Demonstration of a commendable level of proficiency in all Level III job duties including quality of work, productivity, job knowledge, and initiative as it relates to providing the operational and tactical support required to support technology and processes in the IT Security department. 2. Demonstration of a commendable level of dependability, attendance, and contribution to team effort. 3 . Demonstration of a commendable level of verbal and written communication skills, creative skills, and customer service skills in operational support duties, technical consulting and project participation situations. 4. Successful completion of professional certifications, training and professional experience and working knowledge in CIPPS Common body of Knowledge and information security concepts as listed in the minimum requirements for Level IV. 5. Completion of at least 24 months experience at Level III or comparable work experience. 6. Completion of sufficient cross-training in Level IV work to indicate the ability to perform adequately at that level. 7. Demonstration of the desire and capability to assume the more responsible duties of Level IV. 8. Demonstrated leadership potential in working with Level I, Level II Level III personnel. 235 Job Description Job Purpose: IT Security performs information technology risk assessments, develops information security policy and strategy and executes operations and processes required to maintain the confidentiality, integrity, availability and accountability for all aspects of safeguarding or protecting information or data, in whatever form, for CUNA Mutual Group and its subsidiaries. The IT Security Senior Analyst is dedicated to providing operational support in the performance of documented routine tasks required to support technology and processes in the IT Security department. The primary objective of this role is to perform the work necessary to maintain operational excellence for IT Security systems and software. The secondary function of this role is to perform the tactical work necessary for the planning and control of IT Security systems and software. The tertiary function of this role is to provide subject matter expertise and technical consulting for projects, teams, and other customers as needed. 1. Operational Support: In accordance with service level agreements act as a single point of contact to monitor, screen and respond to alerts and reports of incidents or problems. Enter and maintain records, follow up on and provide status reports of all events. Provide timely notification of critical events to IT Security management and staff. Direct subordinate staff to coordinate response if event is escalated. Escalate when necessary. 2. Software Programming/Systems Configuration: Follow documented procedures to enter data, source code, and/or configuration specifications to augment or maintain the operational status of IT Security systems and software. Follow documented procedures to execute tasks to perform scheduled maintenance, batch processes and documented procedures for the routine support of IT Security systems and software. Guide and monitor subordinate staff in the completion of these tasks. 3. Product Management: Gather customer requirements, negotiate service level agreements and develop availability plans. Monitor system/software performance and utilization and carry out improvements to achieve the agreed upon service levels. Define and document routine procedures, configuration parameters, batch processes and scheduled maintenance for systems and software. Perform testing, quality assurance and schedule changes for non-routine updates and upgrades to systems and software. Develop recovery plans to restore services. Guide and monitor staff in the completion of delegated tasks in the accomplishment of the above. 4. Research & Development: Under the guidance of IT Security management: Learn new security concepts and achieve certifications as needed in order to learn and improve upon skills in the security space For the purpose of improving service delivery, research new or existing technologies which are directly within scope of the work being done in this role. Job Responsibilities: Page 1 of 5 1/29/2012 6. Technical Consulting: Present information in area of subject matter expertise as required. Develop and maintain technical security system standards, design patterns, and reference materials 7. The above statement of duties is not intended to be all inclusive and other duties will be assigned from time to time. 1. Bachelor of Science degree in CS/MIS or equivalency in education and related professional experience. 2. Three years of demonstrated proficiency in an Information Security Audit, Identity Management or Architecture function in a business environment with the most recent 24 months at Level I or comparable, professional experience. 3. Proven ability to clearly and effectively communicate business and technical information, both verbally and in writing. 4. Proven ability to provide a high level of customer service. 5. Demonstrated working knowledge in the (4) areas listed of the CISSP Common Body of Knowledge: Access Control Systems and Methodology, Operations Security, Physical Security, Network and Internet Security 6. Demonstrated working knowledge of information security concepts in at least (6) of the following: digital forensics; cryptography; incident response; managed security services; web, url, mobile code filtering; network security; patch, configuration management; penetration testing; spyware, anti-virus, anti-worm detection; vulnerability management; web, e-commerce security; wireless, mobile security; security information management; OS, platform security; application development security; database security; end-point security; business continuity, disaster recovery; e-mail security; storage security; access control software; strong authentication; pki, digital signatures, certificate authorities; identity management, entitlement, authorization; password management, provisioning, single sign-on; audit & compliance; security policy; risk management; software development lifecycle, systems development lifecycle 7. Proof of technical certifications, training, or professional experience in (4) technologies currently deployed at CUNA Mutual Group in IT Security. 8. Strongly recommend professional certifications in one of the following programs: SANS Global Information Assurance Certification ISC2 ISACA Job Requirements: 1. What is the average amount of time on the job for a new incumbent, who meets all minimum requirements, to learn most aspects of this position. • 12 months 2. Identify and describe this position’s most typical challenges or problems. • Incident handling involves processing alerts and reports of events. • Problem resolution is the handling of system and software failures and the identification of root cause. This may include recommending changes. • Tracking and monitoring is the process which documents and records events for incident handling and problem resolution processes. • Prioritization is necessary to ensure configuration and maintenance occurs, service levels are met and critical systems are assigned priority. • Communication is required for the necessary recordkeeping and verbal communication to the business. • Workflow requires that the necessary tollgates, procedures, notifications and recordkeeping occur. • Collaboration is necessary in situations where technical consulting and project participation are requested. • As an active member of an agile team, collaborate with the team to deliver on all aspects of the roadmap, backlog, and charter. • Effectively participate in the operation of the team’s solutions through proactive monitoring, operational automation, and operational support including incident resolution and on call rotations. 3. Identify and describe this positions’ most complex duties and challenges or problems. • Developing the skillset necessary for the support and maintenance of IT Security solutions. • Sustaining a resolute security posture based on industry best practices. • Technical acumen and development in systems and software within the area of specialization. • Acquisition of subject matter expertise in the field of specialization. Leverage the team’s platform(s) and solutions to provide IT services to stakeholders. Design, develop, and train stakeholders on self-service capabilities that allow IT teams to deliver value through consumption of the team’s platform(s). Understand non-functional requirements, IT responsibilities, and platform team standards and ensure development at the feature level meets all aspects of compliance, security, quality standards, and best practices. 4. Training and Workflow Direction: (check one). • ( ) Position does not conduct training or give workflow direction to other staff in own work area. Job Analysis: Page 2 of 5 1/29/2012 • (X) Position does conduct training or give workflow direction to other staff in own work area or customers on a regular basis: A. X Training: 5% of time spent training on a ___ daily or X weekly basis To the following positions: Number Grade Classification Title(s) ** 230 IT Security Analyst B. X Work flow direction: 5% of time spent providing workflow direction on a ___ daily or X weekly basis To the following positions: Number Grade Classification Title(s) ** 230 IT Security Analyst 5. Job Impact/Nature of Work: The IT Security Senior Analyst is dedicated to providing operational support by performing documented procedures and routine tasks required to maintain technology and processes in the IT Security department. This requires the ability to follow workflow and execute tasks with a minimal level of direction. This role requires decision making responsibility but will be required to improvise in cases where there is not a documented procedure to cover a situation. Competence and self-direction is required for aspects of the role which require technical consulting and project participation. Oversight of the roles capability and quality of work will reside with IT Security management and be facilitated by feedback from staff and clients. Analysis and good judgement are necessary in the performance of this role in order to properly prioritize tasks and use appropriate risk analysis to determine approach and next steps for incident response and problem resolution and notification. Failure to meet service levels or respond quickly to alerts or reports of events could lead to data loss or compromise, denial of service to systems and/or loss of customer confidence. The financial impact of these failures could be in multiples of $1000.00 with an estimated average cost of a security event at $21,000.00 as of 11-21-2005. 6. Internal/External Contacts: • Both email and voice communication within IT will be necessary to provide notification, status updates on events and technical consulting. • Email and voice communication will be required to communicate with third parties for incident response. • In isolated cases this role may be required to contact third parties for systems or software problem resolution. 7. Are there any unusual physical conditions surrounding your work that can be considered disagreeable (such as heat, cold, wet, fumes, noise, etc.) and/or are you exposed to any accident and health hazards? If so, please give examples and occurrence frequency. • On-call rotation required for 24x7 coverage. • More than average keyboarding required for data entry and business communications. 8. Additional Comments: The information in the above questionnaire is not intended to be all inclusive. However, it should detail the key aspects regarding the position involved. HR Compensation use only: Reviewed By: Date: CRITERIA FOR JOB ADVANCEMENT: Date:1/23/2006 The following career ladder is being established for the IT Security Analyst position in the IT Security Department, comprised of 4 levels. Once the criteria for advancement is met, the incumbent may be considered for promotion to the next level in the career ladder if a business need for another position at a higher level exists and at management's discretion, as it relates to the following criteria: A. CRITERIA FOR ACCEPTABLE PERFORMANCE AT LEVEL I: 1. Satisfactory performance in all Level I duties. Criteria for Job Advancement: Page 3 of 5 1/29/2012 2. Demonstrate a satisfactory level of fundamental knowledge and understanding of the operational support and performance of documented routine tasks required to support technology and processes in the IT Security department. 3. Demonstrate satisfactory verbal and written communication skills, team effort, and customer service skills with policyholder credit unions, co-workers and other parties. 4. Demonstrate a satisfactory level of productivity, quality, creativity, and reliability in the performance of the work necessary to maintain operational excellence for IT Security systems and software. B. CRITERIA FOR CONSIDERATION FOR ADVANCEMENT FROM LEVEL I TO LEVEL II: 1. Demonstration of a commendable level of proficiency in all Level I job duties including quality of work, productivity, initiative and job knowledge as it relates to the performance of the work necessary to maintain operational excellence for IT Security systems and software. 2 Demonstration of a commendable level of dependability, attendance, and contribution to team effort. 3. Demonstration of a commendable level of verbal and written communications skills, creative skills, and customer service skills in operational support situations. 4. Successful completion of professional certifications, training and professional experience and working knowledge in CISSP Common body of Knowledge and information security concepts as listed in the minimum requirements for Level II. 5. Completion of at least 24 months at Level I or a comparable work experience. 6. Completion of sufficient cross training in Level II work to indicate the ability to perform adequately at that level. 7. Demonstration of the desire and capability to assume the more responsible duties of Level II. C. CRITERIA FOR ACCEPTABLE PERFORMANCE AT LEVEL II: 1. Satisfactory performance in all Level II duties. 2. Demonstrate a satisfactory level of developed knowledge for the performance of the work necessary to maintain operational excellence for IT Security systems and software, to perform the tactical work necessary for the planning and control of IT Security systems and software, and for providing subject matter expertise for projects and technical consulting as needed. 3. Demonstrate satisfactory verbal and written communication skills, team effort, and customer service skills with policyholder credit unions, co-workers, and other parties. 4. Demonstrate a satisfactory level of productivity, quality, creativity, and reliability in providing operational support in the performance of documented routine tasks required to support technology and processes in the IT Security department. D. CRITERIA FOR CONSIDERATION FOR ADVANCEMENT FROM LEVEL II TO LEVEL III: 1. Demonstration of a commendable level of proficiency in all Level II job duties including quality of work, productivity, job knowledge, and initiative as it relates to providing operational support in the performance of documented routine tasks required to support technology and processes in the IT Security department. 2. Demonstration of a commendable level of dependability, attendance, and contribution to team effort. 3 Demonstration of a commendable level of verbal and written communication skills, creative skills, and customer service skills in operational support duties, technical consulting and project participation situations. 4. Successful completion of professional certifications, training and professional experience and working knowledge in CISSP Common body of Knowledge and information security concepts as listed in the minimum requirements for Level III. 5. Completion of at least 24 months years experience at Level II or comparable work experience. Page 4 of 5 1/29/2012 6. Completion of sufficient cross-training in Level III work to indicate the ability to perform adequately at that level. 7. Demonstration of the desire and capability to assume the more responsible duties of Level III. 8. Demonstrated leadership potential in working with Level I and Level II personnel. E. CRITERIA FOR ACCEPTABLE PERFORMANCE AT LEVEL III: 1. Satisfactory performance in all Level III job duties. 2. Demonstrate a satisfactory level of in-depth knowledge and understanding of performance of the tactical work necessary for the planning and control of IT Security systems and software, operational support and function as a subject matter expert for projects and technical consulting as required. 3. Demonstrate a satisfactory level of verbal and written communications skills, team effort, and customer service skills with policyholder credit unions, co-workers, and other parties. 4. Demonstrate a satisfactory level of productivity, quality, creativity, and reliability in providing the operational and tactical support required to support technology and processes in the IT Security department. 5. Demonstrate a satisfactory level of leadership in assisting management in training and providing technical assistance to Level I and Level II personnel. F. CRITERIA FOR CONSIDERATION FOR ADVANCEMENT FROM LEVEL III TO LEVEL IV - IT SECURITY ARCHITECT 1. Demonstration of a commendable level of proficiency in all Level III job duties including quality of work, productivity, job knowledge, and initiative as it relates to providing the operational and tactical support required to support technology and processes in the IT Security department. 2. Demonstration of a commendable level of dependability, attendance, and contribution to team effort. 3 Demonstration of a commendable level of verbal and written communication skills, creative skills, and customer service skills in operational support duties, technical consulting and project participation situations. 4. Successful completion of professional certifications, training and professional experience and working knowledge in CIPPS Common body of Knowledge and information security concepts as listed in the minimum requirements for Level IV. 5. Completion of at least 24 months experience at Level III or comparable work experience. 6. Completion of sufficient cross-training in Level IV work to indicate the ability to perform adequately at that level. 7. Demonstration of the desire and capability to assume the more responsible duties of Level IV. 8. Demonstrated leadership potential in working with Level I, Level II Level III personnel. While performing the duties of this job, the employee is regularly required to sit, stand, write and operate a computer keyboard, standard office equipment and telephone. The employee is frequently required to move about and reach for items. The employee may occasionally lift and/or move up to 10 pounds. The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. 230 Job Description Job Purpose: IT Security performs information technology risk assessments, develops information security policy and strategy and executes operations and processes required to maintain the confidentiality, integrity, availability and accountability for all aspects of safeguarding or protecting information or data, in whatever form, for CUNA Mutual Group and its subsidiaries. The IT Security Analyst is dedicated to providing operational support in the performance of documented routine tasks required to support technology and processes in the IT Security department. The primary objective of this role is to perform the work necessary to maintain operational excellence for IT Security systems and software. Job Responsibilities: 50% 1. Operational Support: In accordance with service level agreements act as a single point of contact to monitor, screen and respond to alerts and reports of incidents or problems. Enter and maintain records, follow up on and provide status reports of all events. Provide timely notification of critical events to IT Security management and staff. Escalate when necessary. 35% 2. Software Programming/Systems Configuration: Follow documented procedures to enter data and/or configuration specifications to augment or maintain the operational status of IT Security systems and software. Follow documented procedures to execute tasks to perform scheduled maintenance, batch processes and documented procedures for the routine support of IT Security systems and software. 10% 3. Research & Development: Under the guidance of IT Security management: Set and pursue development goals for certifications and continued education in IT Security. For the purpose of improving service delivery research new or existing technologies which are directly within scope of the work being done in this role. 5% 4. Product Management: Monitor system/software performance and utilization and carry out improvements to achieve the agreed upon service levels. Provide feedback to define and document routine procedures, configuration parameters, batch processes and scheduled maintenance for systems and software. 5. The above statement of duties is not intended to be all inclusive and other duties will be assigned from time to time. Job Requirements: 1. Bachelor of Science degree in CS/MIS or equivalency in education and related professional experience. 2. One year demonstrated proficiency with an Information Security Audit, Identity Management or Architecture function in a business or academic environment. 3. Proven ability to clearly and effectively communicate business and technical information, both verbally and in writing. 4. Proven ability to provide a high level of customer service. 5. Demonstrated working knowledge in the (2) areas listed of the CISSP Common Body of Knowledge: Access Control Systems and Methodology, Operations Security 6. Demonstrated working knowledge of information security concepts in at least (4) of the following: digital forensics; cryptography; incident response; managed security services; web, url, mobile code filtering; network security; patch, configuration management; penetration testing; spyware, anti-virus, anti-worm detection; vulnerability management; web, e-commerce security; wireless, mobile security; security information management; OS, platform security; application development security; database security; end-point security; business continuity, disaster recovery; e- mail security; storage security; access control software; strong authentication; pki, digital signatures, certificate authorities; identity management, entitlement, authorization; password management, provisioning, single sign-on; audit & compliance; security policy; risk management; software development lifecycle, systems development lifecycle 7. Proof of technical certifications, training and professional experience in (2) technologies currently deployed at CUNA Mutual Group in Identity Management or IT Security. Job Analysis: 1. What is the average amount of time on the job for a new incumbent, who meets all minimum requirements, to learn most aspects of this position. 12 months 2. Identify and describe this position’s most typical challenges or problems. • Incident handling involves processing alerts and reports of events. • Problem resolution is the handling of system and software failures and the identification of root cause. This may include recommending changes. • Tracking and monitoring is the process which documents and records events for incident handling and problem resolution processes. • Prioritization is necessary to ensure configuration and maintenance occurs, service levels are met and critical systems are assigned priority. • Communication is required for the necessary recordkeeping and verbal communication to the business. • Workflow requires that the necessary tollgates, procedures, notifications and recordkeeping occur. 3. Identify and describe this positions’ most complex duties and challenges or problems. • Sustaining a resolute security posture based on industry best practices. • Technical acumen and development in systems and software within the area of specialization. • Acquisition of subject matter expertise in the field of specialization. 4. Training and Workflow Direction: (check one). • (X) Position does not conduct training or give workflow direction to other staff in own work area. • ( ) Position does conduct training or give workflow direction to other staff in own work area or customers on a regular basis: A. Training: % of time spent training on a ___ daily or ___ weekly basis To the following positions: Number Grade Classification Title(s) B. Work flow direction: % of time spent providing workflow direction on a ___ daily or __weekly basis To the following positions: Number Grade Classification Title(s) 5. Job Impact/Nature of Work: The IT Security Analyst is dedicated to providing operational support by performing documented procedures and routine tasks required to maintain technology and processes in the IT Security department. This requires the ability to follow workflow and execute tasks with a minimal level of direction. This role requires limited decision making responsibility but will be required to improvise in cases where there is not a documented procedure to cover a situation. Oversight of the roles capability and quality of work will reside with IT Security management and be facilitated by feedback from staff and clients. Analysis and good judgement are necessary in the performance of this role in order to properly prioritize tasks and use appropriate risk analysis to determine approach and next steps for incident response and problem resolution and notification. Failure to meet service levels or respond quickly to alerts or reports of events could lead to data loss or compromise, denial of service to systems and/or loss of customer confidence. The financial impact of these failures could be in multiples of $1000.00 with a current average cost of a security event of $21,000.00 (as of 11-21-2005). 6. Internal/External Contacts: • Both email and voice communication within IT will be necessary to provide notification and status updates on events. • Email and voice communication will be required to communicate with third parties for incident response. • In isolated cases this role may be required to contact third parties for systems or software problem resolution. 7. Are there any unusual physical conditions surrounding your work that can be considered disagreeable (such as heat, cold, wet, fumes, noise, etc.) and/or are you exposed to any accident and health hazards? If so, please give examples and occurrence frequency. • On-call rotation required for 24x7 coverage. • More than average keyboarding required for data entry and business communications. 8. Additional Comments: The information in the above questionnaire is not intended to be all inclusive. However, it should detail the key aspects regarding the position involved. HR Compensation use only: Reviewed By: Date: Criteria for Job Advancement: CRITERIA FOR JOB ADVANCEMENT: Date:1/23/2006 The following career ladder is being established for the IT Security Analyst position in the IT Security Department, comprised of 4 levels. Once the criteria for advancement is met, the incumbent may be considered for promotion to the next level in the career ladder if a business need for another position at a higher level exists and at management's discretion, as it relates to the following criteria: A. CRITERIA FOR ACCEPTABLE PERFORMANCE AT LEVEL I: 1. Satisfactory performance in all Level I duties. 2 Demonstrate a satisfactory level of fundamental knowledge and understanding of the operational support and performance of documented routine tasks required to support technology and processes in the IT Security department. 3. Demonstrate satisfactory verbal and written communication skills, team effort, and customer service skills with policyholder credit unions, co-workers and other parties. 4. Demonstrate a satisfactory level of productivity, quality, creativity, and reliability in the performance of the work necessary to maintain operational excellence for IT Security systems and software. B. CRITERIA FOR CONSIDERATION FOR ADVANCEMENT FROM LEVEL I TO LEVEL II: 1. Demonstration of a commendable level of proficiency in all Level I job duties including quality of work, productivity, initiative and job knowledge as it relates to the performance of the work necessary to maintain operational excellence for IT Security systems and software. 2. Demonstration of a commendable level of dependability, attendance, and contribution to team effort. 3. Demonstration of a commendable level of verbal and written communications skills, creative skills, and customer service skills in operational support situations. 4. Successful completion of professional certifications, training and professional experience and working knowledge in CISSP Common body of Knowledge and information security concepts as listed in the minimum requirements for Level II. 5. Completion of at least 24 months at Level I or a comparable work experience. 6. Completion of sufficient cross training in Level II work to indicate the ability to perform adequately at that level. 7. Demonstration of the desire and capability to assume the more responsible duties of Level II. C. CRITERIA FOR ACCEPTABLE PERFORMANCE AT LEVEL II: 1. Satisfactory performance in all Level II duties. 2. Demonstrate a satisfactory level of developed knowledge for the performance of the work necessary to maintain operational excellence for IT Security systems and software, to perform the tactical work necessary for the planning and control of IT Security systems and software, and for providing subject matter expertise for projects and technical consulting as needed. 3. Demonstrate satisfactory verbal and written communication skills, team effort, and customer service skills with policyholder credit unions, co-workers, and other parties. 4. Demonstrate a satisfactory level of productivity, quality, creativity, and reliability in providing operational support in the performance of documented routine tasks required to support technology and processes in the IT Security department. D. CRITERIA FOR CONSIDERATION FOR ADVANCEMENT FROM LEVEL II TO LEVEL III: 1. Demonstration of a commendable level of proficiency in all Level II job duties including quality of work, productivity, job knowledge, and initiative as it relates to providing operational support in the performance of documented routine tasks required to support technology and processes in the IT Security department. 2. Demonstration of a commendable level of dependability, attendance, and contribution to team effort. 3. Demonstration of a commendable level of verbal and written communication skills, creative skills, and customer service skills in operational support duties, technical consulting and project participation situations. 4. Successful completion of professional certifications, training and professional experience and working knowledge in CIPPS Common body of Knowledge and information security concepts as listed in the minimum requirements for Level III. 5. Completion of at least 24 months years experience at Level II or comparable work experience. 6. Completion of sufficient cross-training in Level III work to indicate the ability to perform adequately at that level. 7. Demonstration of the desire and capability to assume the more responsible duties of Level III. 8. Demonstrated leadership potential in working with Level I and Level II personnel. E. CRITERIA FOR ACCEPTABLE PERFORMANCE AT LEVEL III: 1. Satisfactory performance in all Level III job duties. 2 Demonstrate a satisfactory level of in-depth knowledge and understanding of performance of the tactical work necessary for the planning and control of IT Security systems and software, operational support and function as a subject matter expert for projects and technical consulting as required. 3. Demonstrate a satisfactory level of verbal and written communications skills, team effort, and customer service skills with policyholder credit unions, co-workers, and other parties. 4. Demonstrate a satisfactory level of productivity, quality, creativity, and reliability in providing the operational and tactical support required to support technology and processes in the IT Security department. 5. Demonstrate a satisfactory level of leadership in assisting management in training and providing technical assistance to Level I and Level II personnel. F. CRITERIA FOR CONSIDERATION FOR ADVANCEMENT FROM LEVEL III TO LEVEL IV - IT SECURITY ARCHITECT 1. Demonstration of a commendable level of proficiency in all Level III job duties including quality of work, productivity, job knowledge, and initiative as it relates to providing the operational and tactical support required to support technology and processes in the IT Security department. 2. Demonstration of a commendable level of dependability, attendance, and contribution to team effort. 3. Demonstration of a commendable level of verbal and written communication skills, creative skills, and customer service skills in operational support duties, technical consulting and project participation situations. 4. Successful completion of professional certifications, training and professional experience and working knowledge in CIPPS Common body of Knowledge and information security concepts as listed in the minimum requirements for Level IV. 5. Completion of at least 24 months experience at Level III or comparable work experience. 6. Completion of sufficient cross-training in Level IV work to indicate the ability to perform adequately at that level. 7. Demonstration of the desire and capability to assume the more responsible duties of Level IV. 8. Demonstrated leadership potential in working with Level I, Level II Level III personnel. Compensation may vary based on the job level, your geographic work location, position incentive plan and exemption status. Base Salary Range: $74,328.00 - $133,868.00 CUNA Mutual Group’s insurance, retirement and investment products provide financial security and protection to credit unions and their members worldwide. As a dynamic and growing company, we strive to create a culture of performance, high standards and defined values. In return for your skills and contributions, we offer highly competitive compensation and benefit packages, significant professional growth, and the opportunity to win and be rewarded. Please provide your Work Experience and Education or attach a copy of your resume. Applications received without this information may be removed from consideration.