Overview

General Summary

Responsible for the safeguarding of sensitively classified data on the California Credit Union (CCU) network, responding to and investigating information security incidents, participating in information technology risk assessments, and development and delivery of security training and awareness for staff, all in accordance with the Information Security Program.

Responsibilities

Principal Accountabilities (60%)

• Investigate system security-related incidents, including suspected or confirmed system intrusions and other malicious acts; mitigate incidents in accordance with adopted policies and procedures. Escalate critical or unknown anomalous activity to the Vice President of Information Security (Security Manager).
• Performs proactive threat hunting, actively seeking indications of compromise to detect evasive threats throughout the credit union network.
• Assesses threat intelligence from dozens of reputable industry sources and develops plans and mitigation strategies to address the ever-changing threat landscape.
• Develops internal threat intelligence for use inside the organization and for sharing with other critical infrastructure peer organizations using approved channels.
• Assist the Security Manager in regular testing of key security controls and make calculated, risk-based decisions to mitigate vulnerabilities.
• Acts as the team lead on the credit union vulnerability and patch management programs, ensuring program Key Performance and Risk Indicators (KPIs and KRIs) are regularly measured and reported to the security manager.
• Work closely with Information Technology Services (ITS) and the Security Manager, to ensure the compliance of key Information Systems to the Information Security Program.
• As a key member of the Computer Security Incident Response Team, participate in mock incident response exercises, and utilize lessons learned to inform the Information Security Program.
• Manage full system operations for assigned systems, including, but not limited to, software updates, system configuration parameters, user configuration, and data backup and recovery processes.
• Develop and maintain application and hardware standards and retain full documentation for each assigned system.
• Maintain regular communication with ITS, other business units, and vendors regarding their business and technical plans to ensure adherence to CCU policies and standards.
• Research information security best practices and recommend changes to the Security Manager.
• Ensure plans are in place for effective backup of critical information as well as business continuity and disaster recovery controls in accordance with adopted policies and procedures.
• Assist the Security Manager with administration of the Security Training and Awareness Program; provide basic information security training and awareness to staff.
• Assists the Security Manager in developing new Key Performance and Key Risk indicators for communication to senior management or the board regarding Information Security Program effectiveness.
• Provides forensic analysis and reports on security incidents.
• Acts as a mentor and advisor to intermediate and junior staff, developing the team skillset and advancing the capabilities of the team as a whole.
• Participate in and contribute to cross-functional projects.
• Interact with vendors for purchases, repairs, installation, maintenance and support for new and existing systems.
• Perform system analysis periodically to optimize system capacity and efficiency.

Secondary Accountabilities (40%)

• Excellent written and oral communication skills; ability to communicate effectively and project a professional image when giving and taking information in writing, in person and over the phone.
• Ability to effectively present information to top management, internal groups and/or outside parties.
• Strong interpersonal skills with the ability to work effectively with individuals and groups at all organizational levels; ability to work independently and as part of a team.
• Ability to read, analyze and interpret common security and computer industry publications and technical journals and regulations.
• Ability to respond to common inquiries and/or complaints from customers, regulatory agencies or outside parties.
• Ability to define problems, collect data, establish facts and draw valid conclusions.
• Ability to interpret extensive variety of technical instruction in diagram form and deal with several abstract and concrete variables.
• Ability to take initiative, assume responsibility and prioritize tasks; good time-management, organizational, problem-prevention and problem-solving skills.
• Willingness and ability to adapt to changing business needs and deadlines.
• Ability to maintain confidentiality of sensitive information.
• Possess a work ethic that includes neatness, punctuality and accuracy.
• Ability to complete or resume tasks despite interruptions.
• Adhere to federal and state regulations, credit union policies, and other compliance obligations.
• Consistently achieve stated goals.
• Participate in required meetings and training.
• Support management and member decisions and goals in a positive, professional manner.

• Comply with BSA requirements as commensurate with position.
• Perform other duties as assigned.

Qualifications

Knowledge, Education, Certifications, Licenses:

• High School Diploma or equivalent; and
• Bachelor’s degree or equivalent; or
• Five (5) years of information security professional work experience, preferably within the financial services vertical.
• ISC2 CISSP, GIAC GCIA, GIAC GCFA, OffSec OSCP, ISACA CISM or similar certificates desirable.

Important Notes

Working Conditions and Physical Demands

Work is performed in a general office environment. This position does not require significant physical efforts; however, incumbent must be able to lift up to 50 lbs. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job. Refer to the Safety & Health Policy found in California Credit Union’s Employee Handbook & Resource Guide.

EOE