What are the responsibilities and job description for the Information Security Officer position at HORIZON CREDIT UNION?
Description
YOUR PURPOSE
Responsible for the development of the Credit Union’s cybersecurity strategy, risk assessment, and delivery of comprehensive information security and privacy programs, which assure that data and information are created, acquired, and maintained by the Credit Union and its authorized users, and are used in accordance with their intended purpose. This position is also responsible for overseeing the protection of the Credit Union’s digital assets, which includes all member data, and its infrastructure from internal and external threats and vulnerabilities, and ensures Credit Union compliance with statutory and regulatory requirements regarding information access, security, and privacy as it pertains to PCI, GLBA, or as directed. In addition to program requirements, this position is materially responsible for designing, integrating, implementing, and managing all enterprise network security systems, solutions, and services. These responsibilities also consist of providing senior-level engineering, analysis, consultation, programming, and the identification, reporting, and resolution of security problems, high-risk exposure(s), and regulatory compliance.
YOU ARE RESPONSIBLE FOR
Program Management
- Direct and approve the design of all Credit Union information security systems, to include identification, authorization, and access processes and procedures
- Lead the implementation and establishment of a Credit Union-wide information security architecture and cybersecurity strategy and program
- Direct monitoring and management of Information Security defense and authentication/authorization systems and programs
- Provide guidance and advocacy regarding prioritization of infrastructure investments relating to all matters of information and cybersecurity
- Develop, implement, and maintain an on-going information security risk assessment program, specifically as it relates to regulatory compliance and the preservation of Credit Union digital assets
- Monitor information security trends internal and external to the organization and keep Senior Management informed on all security related issues and activities affecting the Credit Union
- Understand potential threats, vulnerabilities, security and compliance controls; direct the remediation, and communicate issues to the appropriate Information Services leadership or Senior Manager
Systems Engineering
- Design, engineer, and implement security solutions to support the technology blueprint and digital assets of the Credit Union
- Develop and maintain current network and information security design documentation
- Assess network and systems operational risk before, during, and after systems and services commission and decommission, to include all services moved to cloud-based technologies
- Provide technical and organizational leadership in specialized areas of network and information security standards, practices, and procedures
- Lead security design review and threat modeling for new features and functionality as it relates to existing and new systems and services
- Perform risk analysis of engineering initiatives and production services; prioritize projects requiring focused testing; and manage vulnerability remediation processes across multiple departments and business units
- Participate in the development of materials to increase awareness of and adherence to information and cybersecurity best practices
Analysis and Administration
- Responsible for the security administration of enterprise-wide systems and applications to ensure compliance with processes and procedures
- Monitor security vulnerabilities by analyzing a variety of network and host-based security appliance logs and determine the correct remediation action(s) and/or escalation path for each incident
- Analyze and provide information regarding intrusion events, security incidents, and other threat indications and warning information to teams and leadership
- Conduct scripting to manage data integration and movement; engage with vendors as needed; and create use-cases for security operations monitoring
- Prevention of cybersecurity incidents is accomplished through real-time monitoring, detection, response, and quick analysis
- Processes, policies, and procedures are developed and implemented to ensure an effective and compliant information and cybersecurity program
SUCCESS LOOKS LIKE
- Credit Union technologies and information assets, namely member data, are protected from threats and vulnerabilities
- Security initiatives and projects work to shape and ensure the preservation of Credit Union digital assets, and further the strategic plan
- Annual audits and assessments result in meeting the required technical and regulatory compliance controls with a high degree of control effectiveness
- Organizational leaders are kept apprised of all security trends and remain informed of inherent industry risks, threats, and attack vectors
- Engineered security solutions and services strike an effective and healthy balance between business objectives and the preservation and integrity of Credit Union technologies and digital assets
- Security appliances, technology, and services are configured and deployed to rapidly detect, deter, and report threats and vulnerabilities
- Success and assessment metrics are developed and routinely reevaluated for achieving desired project outcome(s) and organizational strategic alignment
Requirements
EXPERTISE YOU NEED
Education & Experience
Bachelor's degree in Computer Science, or a related technical or engineering discipline. Minimum five years’ experience in the area of information security, system engineering, design and cybersecurity along with enterprise experience working with, administering, and supporting Linux, Windows, and OSX operating systems.
Experience reviewing contracts, service agreements, and devising and implementing administrative and technical security controls
Working knowledge of common protocols such as: SNMP, HTTP/S, SMTP, KERBEROS, RADIUS, S/FTP, etc. Expert-level experience working with and utilizing scripting and programming languages such as Python, Perl, Shell, Ruby, and/or Java
Enterprise experience administering and working with DNS, DHCP, Microsoft Active Directory, Microsoft SQL, MySQL, Oracle and/or DB2. Application-level experience working with regulatory requirements, specifically PCI-DSS and GLBA, and conducting penetration and vulnerability assessments
Hands-on enterprise experience deploying, administering, and managing firewall appliances (Palo Alto/Cisco ASA), IDS/IPS, SIEM appliances, taps, and VPN
CISSP (Certified Information Systems Security Professional): Preferred
Capabilities
- Self-directed and possesses the ability to work independently and balance competing priorities.
- Strong ability to work well in a team environment, build consensus and motivate others.
- Must have the ability to think analytically and solve problems under pressure.
- Must have the ability to periodically work nights and weekends for technology rollout and maintenance purposes
- Highly capable of reading, analyzing, and interpreting general business processes, periodicals, professional journals, technical procedures, or governmental regulations.
- Ability to write reports, business correspondence and procedure manuals.
- Ability to effectively present information to organization leaders and respond to questions from groups of managers, directors, and employees regarding information and cybersecurity, its methodologies and practices, in both a technical and non-technical manner.
- Ability to define problems, collect data, establish facts, and draw valid conclusions.
- Capable of clearly explaining complicated procedures in a simple and understandable manner (both oral and written).
- Exceptional organizational and analytical skills; demonstrated skills in critical thinking, problem-solving and ability to manage changing priorities.
ABLE TO…
To perform the essential functions of this position an employee must be able to meet the following workplace demands: ability to converse with others, detect sound, identify and detect objects, count, read, write, operate a computer, handle and feel objects, reach with hands/arms and be stationary and/or stand and/or move for long periods of time. Occasionally an employee will lift/pull/push and carry up to 25 to 50 pounds, stoop, kneel, crouch, crawl, climb and be able to maintain balance doing these activities. Position requires sound reasoning, good judgement and ability to apply knowledge toward work activities. The noise level is moderate and typical of a normal office environment. In accordance with the Americans with Disabilities Act, Horizon Credit Union will provide reasonable accommodation/s to qualified individuals with disabilities to perform the essential functions, unless such accommodations would cause the employer an undue hardship. To request an accommodation, please contact Human Resources.
ABOUT THIS JOB DESCRIPTION
The statements in this job description are intended to describe the essential functions and minimum qualifications for this position and are not intended to be an exhaustive list of all responsibilities, duties and skills required. Job descriptions are not intended nor do they create an employment contract and are subject to change at any time to accommodate business necessity. The Credit Union maintains its status as an at-will employer where applicable. In support of Horizon CU’s goals employees may perform other duties as assigned and all employees are expected to:
- Exemplify our CORE Values
- Promote teamwork and collaboration
- Provide our members with the highest quality service