Information Security Manager Information Technology (IT) - Fresno, CA at Geebo

Information Security Manager

3.4 Full-time 1 day ago
Full Job Description
Summary:
Under the direction of the Vice President Information Technology, this position provides operational supervision for the Information Security department.
The Information Security Manager has the primary responsibility to provide technical guidance regarding all information security matters, through the understanding of multiple operating systems, directory structures and databases, and with knowledge of enterprise security management tools, security assessment software, data transmission, network topologies, firewalls, remote access, vulnerability scanning, encryption software and other security-related tools.
The position conducts assessments, provides recommendations and overall enterprise technical security management, develops recommendations for standardized information security practices, policies and procedures, maintains an information security plan and incident response plan, and provides oversight of compliance with information security laws, policies, rules, and regulations.
Essential Duties and Responsibilities:
The Information Security Manager is the technical lead for recommending, implementing and configuring security related systems.
This position is responsible for conducting risk analysis with regard to protecting credit union information systems and member information.
The Information Security Manager is responsible for the NCUA risk assessment program and annual reporting to the Board of Directors pursuant to 12CFR748(a).
Develop and implement an ongoing risk management program targeting information security and privacy matters; recommend methods for vulnerability detection and remediation and oversee vulnerability testing.
Perform annual risk assessments as required by NCUA and other regulatory bodies using standardized toolsets.
The Information Security Manager will lead the identification of internal and external information security risks; perform risk and cost benefit analyses to determine appropriate levels of security controls; monitor information security to ensure compliance with privacy and information security policies and procedures.
The Information Security Manager is responsible for the management, updating and testing of the Incident Response Plan.
The Information Security Manager will provide operational supervision over projects and day to day functions for the department.
This includes monitoring and reporting on activities, assisting when needed, escalating issues to appropriate individuals and assigning activities to department members.
The Information Security Manager will provide direct supervision over the Information Security department staff including routine scheduling, mentoring of skill development and monitoring of performance.
The Manager will provide input to the Vice President Information Technology regarding team members' performance, reviews and goal setting.
Lead the implementation, configuration, and acquisition of all cyber security systems.
Lead any investigations or incidents related to information security events, perform remediation and response along with root cause analysis.
Lead the Information System Security Committee meetings and be responsible for reports as part of the committee.
Develop and administer system and information ownership; information and data classification guidelines; standards and procedures.
Develop, establish, and maintain standards, procedures and guidelines to promote the security and uninterrupted operation of computer-based application, network and data communication systems.
Provide standards for escalation and mitigation, response time standards and reporting.
Provide incident response reporting to Information Systems Security Committee.
Provide the lead in assessing risks, threats and vulnerabilities associated with the architecture design, application, O/S and complex network infrastructure.
Recommend and implement suitable countermeasures to mitigate such vulnerabilities.
Ensure changes to boundary devices, such as firewalls, are configured and executed in a secure fashion, highlighting any possible risks.
Work to ensure these changes are completed in line with policy.
Perform security testing and vulnerability analysis of new and existing systems, working with the responsible teams to ensure vulnerabilities are mitigated.
Include certification of servers before they move to the production environment.
Evaluate the impact on security of proposed new technologies or changes to the network architecture and document configuration and deployment standards and guidelines.
Select, develop and use tools and reports to monitor security settings, server and user permissions and related security configurations.
Identify issues that require further investigation.
Develop a monitoring program and ensure its use within the department.
Manage information security projects in accordance with established policies, guidelines and procedures.
Working with the Vice President Information Technology, draft the department budget and strategic plan.
Assist in monitoring progress towards strategic goals that fall within the department.
Evaluate security infrastructure with monitoring components for anomalous patterns and unknown behaviors.
Responsible for creation and maintenance of models utilized by artificial intelligence.
Review, analyze, and manage the closure of open audit findings.
Work with Information Technology department to mitigate vulnerabilities.
Cultivate, review, and interpret new sources of information on current and emerging laws, rules, regulations, and industry practice relating to Information Technology security.
Develop and maintain the Information Security Program including policies, procedures, guidelines, awareness and training plan, overall security infrastructure, and monitoring.
Design and monitor cost-effective security programs for the overall security and integrity of the Credit Union's electronic information, information systems, and Information Technology infrastructure.
Provide guidance and direction for the physical and logical protection of Information Technology resources to other departments.
Evaluate new and leverage existing technologies to develop automation solutions to streamline processes and respond to alerts.
Monitor compliance with the organization's information security policies and procedures among employees, contractors, alliances, and other third parties, and refer problems to appropriate department managers or administrators.
Assist in the preparation of the organization's disaster recovery and business continuity plans.
Assist Vendor Management team with reviews of annual SOC reports, ensuring vendors continue to maintain acceptable security levels.
Exercise awareness with regard to suspicious activity, money laundering or fraudulent behavior as it relates to cash transactions and overall transaction activity, and document any such behavior so SAR filings can be considered.
Ensure compliance with all safety, security and compliance programs including but not limited to BSA, AML, OFAC, Branch Security and Safety.
Perform all other related duties as assigned.
Supervisory Responsibilities:
This job supervises the day-to-day activity of the department team members.
This includes monitoring performance and assigning work as needed.
This job will provide input to the Vice President Information Technology regarding department team members' performance, reviews and goal setting.
Directly supervises employees in the Information Security Department.
Responsibilities include interviewing, hiring, and training employees; planning, assigning, directing and evaluating work; conducting performance appraisals; rewarding and disciplining employees; addressing complaints and resolving problems.
Shares responsibility for excellence in member service through staffing, training, coaching, and leading by example.
Qualifications:
Bachelor's degree in related field preferred with three to five years' related experience; associate degree from two-year college or school with five years' related experience and/or training; or equivalent combination of education, experience or training.
Financial institution experience preferred.
Certified Information Systems Security Professional (CISSP) certification preferred.
Cyber security certifications desired include CompTIA Security+, EC Council Certified Ethical Hacker (CEH), Global Information Assurance Certification (GIAC), Certified Cloud Security Professional (CCSP), Certificate of Cloud Security Knowledge (CCSK).
An understanding of regulations and frameworks such as National Institute of Standards and Technology (NIST), Payment Card Industry (PCI), and Center for Internet Security (CIS).
Estimated Salary: $20 to $28 per hour based on qualifications.
