• The Information Security Specialist implements, tests, maintains, monitors and reports on the organization's information security in order to protect the credit union’s assets and prevent unauthorized access to credit union systems. This includes implementing strategies which mitigate risk to IT systems from internal and external exposures.
• Work closely with vendors, fellow employees, and management to provide timely statuses on network security, project implementations and aid resolutions.
• Utilize the vulnerability management system to identify and resolve hardware and software system risks. Utilize computer investigative techniques and forensic methods to identify operating or potential vulnerabilities. Conduct penetration testing and audits to ensure adequate protection of the organization’s assets.
• Conduct regular security monitoring and reporting of systems to ensure adequate security defenses, systems and settings are in place to protect against intrusion, theft, destruction or misuse of credit union information.
• Aid the business and technology teams to cover infrastructure security, disaster recovery, management of data, network architecture and design, user access management, and management of third parties. Monitor regulations and trends that affect financial institutions and establish effective restrictions to cybercrime. Provide ad hoc aid on special Information Security hot topics for the business.
• Provide assistance to IT Audits. Assist management in preparation for audits and assisting with remediation on established timelines. Assist with coordination of information security efforts with the Internal Audit and Risk Management departments.
• To maintain IT Compliance and Information Security standards in adherence with federal, state, information security and risk management policies, standards and guidelines. Maintain IT Security policies, procedures, manuals and guidelines ensuring they are updated, compliant. Complete forms and documentations that aids the policies and procedures for compliance, security, and maintenance of IT systems. Maintain the necessary documentation for the organization to ensure secure operations.
• Strictly adhere to and enforce system security policies and follow all company standards. Must comply with applicable laws and regulations, including but not limited to, the Bank Secrecy Act, the Patriot Act, and the office of Foreign Assets Control, in addition to all company policies.

Required Qualifications

​

• 4 years of relevant experience and an Associate degree in Computer Science, Information Systems, Cyber Security, Engineering, Business Administration, or equivalent experience.

​

Preferred Qualifications

​

• 2 years of relevant experience and a Bachelor’s degree in Computer Science, Information Systems, Cyber Security, Engineering, Business Administration, or equivalent experience.
• Security +, CE|H (Certified Ethical Hacker), GIAC, or CISA (Certified Information Systems Auditor), or other relevant technical or security certifications are highly desirable.
• Strong understanding of the function of IT infrastructure technologies including OS, Data Storage, Servers, Networks, Telephony, Web, Cloud, Technical Architecture and Performance Optimization techniques.
• Strong understanding of IT Security strategies, including incident response, attacker methodologies, vulnerability management, security information and event monitoring, system hardening, encryption technologies, and endpoint security management.
• Ability to analyze and understand how various IT equipment and software programs interrelate and interface with IT security systems, and the ability to identify and solve IT security issues.
• A high level of interpersonal and verbal communication skills necessary to relate to other people at their systems knowledge level.
• Ability to organize and prioritize work without direction from supervisor in situations where dramatic changes frequently occur. Required to operate with great latitude with independent judgment and initiative.
• Ability to manage multiple projects and support multiple support requests.
• Ability to effectively interact and direct the efforts of various IT vendors and suppliers.
• Ability to analyze complex situations and problems and do the necessary research using multiple sources of information to arrive at innovative solutions.
• Ability to work after hours on occasion to maintain or repair technical systems with and without short notice.

NA