Wescom Central Credit Union
Sr. Information Security Analyst (Data Security)
Wescom Central Credit Union, Anaheim, California, United States, 92808
POSITION SUMMARY:The Sr. Information Security Analyst is part of the Wescom Information Security department. This position is responsible for supporting and maintaining the necessary functions of Wescom's information security program. The senior analyst will act as the subject matter expert for one or more of the following areas: governance, risk and compliance, endpoint/system security, network security, identity and access management and/or data security. This opportunity will provide exposure to a wide range of security technology in a supportive organization where data security is a company priority. As a senior member of the team, this position will provide guidance to other team members on technical and business-related issues.ESSENTIAL POSITION FUNCTIONS:Data Security:
Maintenance of tools, policies and procedures related to the data security program.Maintain an accurate data classification system that aligns with the data stored in the environment.Ensure that all data is properly identified and labeled according to classification.Ensure that data is protected and monitored according to its risk rating.
Governance, Risk and Compliance:
Conduct security reviews for third party vendors.Assist with information risk assessments of existing or new services and technologies, along with business counterparts.Maintenance of control inventory and their effectiveness.Review and monitor applicable laws, regulations, standards and frameworks to ensure compliance of the information security program.
Endpoint/System Security:
Security of workstation and servers including the management of EDR, UEBA, FIM and asset management.Hardening of systems following industry benchmarks such as CIS.Maintenance of SIEM platform and associated log sources.Oversee the remediation of endpoint and system vulnerabilities.
Network Security:
Security of the network including network segmentation, network access control, firewall policy monitoring, attack surface management and network threat monitoring.Identification of vulnerabilities in applications through static and dynamic testing.Protection of application utilizing application firewalls.Hardening of network systems following industry benchmarks such as CIS.
Identity and Access Management:
Manage the Identity Governance and Administration tool and all integrations.Security of identities and privileged accounts and all necessary technology including privileged access management, password vault, multi-factor authentication and identity detection and response.Establish and maintain role-based access and separation of duties.
Subject matter experts should be cross-trained across multiple domains to provide backup and assistance to other areas as needed.Lead the evaluation, implementation, selection, implementation, and maintenance of new solutions for the credit union.Provide technical guidance to other team members.Identify opportunities for improvement within the information security program.Conduct security risk assessments that analyze both security controls and technical vulnerabilities.Monitor server logs, firewall logs, intrusion detection logs, and network traffic for unusual or suspicious activity. Interpret activity and make recommendations for resolution and/or prevention.Keep current with emerging security issues, trends and tools.Execute Security Awareness activities including internal phishing campaigns.Assist with gathering information security metrics to measure the effectiveness of the security program.EDUCATION AND EXPERIENCE:Bachelor's Degree, HS Degree or GED. Relevant proven experience will be considered in place of a bachelor's degree. CISSP and/or security certifications strongly preferred. 4-6 Years of experience in the Information Technology field, with a strong focus in performing IT Security related activities.OTHER SKILLS AND ABILITIES:Strong troubleshooting and analytical skills.Excellent written and verbal communication skills.Knowledge of conducting risk assessments and testing of controls.Strong knowledge in one or more of the following areas: governance, risk and compliance, endpoint/system security, network security, identity and access management and/or data security.Skilled in configuring, deploying, and monitoring corporate security tools.Familiarity with Incident Response processes and procedures.Knowledge of vulnerability management lifecycle.Ability to handle multiple tasks with attention to detail, and perform duties with minimal supervision.Ability to use discretion when handling confidential information.Self-motivated and frequently demonstrates initiative by going 'above and beyond' performing what is required for the position.MATHEMATICAL SKILLS:Able to add, subtract, multiply and divide in all units of measure, using whole numbers, common fractions and decimals. Able to compute rates, ratios and percent and to draw and interpret bar graphs.PHYSICAL DEMANDS:The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. While performing the duties of this job, the employee is frequently required to stand; walk; sit; use hands to finger, handle or feel; reach with hands and arms, climb or balance, stoop kneel, crouch, crawl; talk or hear and taste or smell. The employee must occasionally lift and/or move up to 25 pounds. Vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception and ability to adjust focus.WORK ENVIRONMENT:This position may qualify as Remote or Hybrid with a home base at one of Wescom's offices. The Remote or Hybrid status may be discontinued by Wescom in its sole discretion at any time and for any reason or no reason, with or without notice by Wescom or Employee. The work environment characteristics described here are representative of those an employee encounters while performing functions of this job. The noise level in the work environment is moderately quiet. It is a non-smoking environment.The above job requirements are representative of minimum levels of knowledge, skills, and abilities. The marginal functions have not been included. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.This job description in no way implies that these are the only duties to be performed. An employee will be required to follow any other job-related instructions and duties as requested by the supervisor and/or management.
#J-18808-Ljbffr
Maintenance of tools, policies and procedures related to the data security program.Maintain an accurate data classification system that aligns with the data stored in the environment.Ensure that all data is properly identified and labeled according to classification.Ensure that data is protected and monitored according to its risk rating.
Governance, Risk and Compliance:
Conduct security reviews for third party vendors.Assist with information risk assessments of existing or new services and technologies, along with business counterparts.Maintenance of control inventory and their effectiveness.Review and monitor applicable laws, regulations, standards and frameworks to ensure compliance of the information security program.
Endpoint/System Security:
Security of workstation and servers including the management of EDR, UEBA, FIM and asset management.Hardening of systems following industry benchmarks such as CIS.Maintenance of SIEM platform and associated log sources.Oversee the remediation of endpoint and system vulnerabilities.
Network Security:
Security of the network including network segmentation, network access control, firewall policy monitoring, attack surface management and network threat monitoring.Identification of vulnerabilities in applications through static and dynamic testing.Protection of application utilizing application firewalls.Hardening of network systems following industry benchmarks such as CIS.
Identity and Access Management:
Manage the Identity Governance and Administration tool and all integrations.Security of identities and privileged accounts and all necessary technology including privileged access management, password vault, multi-factor authentication and identity detection and response.Establish and maintain role-based access and separation of duties.
Subject matter experts should be cross-trained across multiple domains to provide backup and assistance to other areas as needed.Lead the evaluation, implementation, selection, implementation, and maintenance of new solutions for the credit union.Provide technical guidance to other team members.Identify opportunities for improvement within the information security program.Conduct security risk assessments that analyze both security controls and technical vulnerabilities.Monitor server logs, firewall logs, intrusion detection logs, and network traffic for unusual or suspicious activity. Interpret activity and make recommendations for resolution and/or prevention.Keep current with emerging security issues, trends and tools.Execute Security Awareness activities including internal phishing campaigns.Assist with gathering information security metrics to measure the effectiveness of the security program.EDUCATION AND EXPERIENCE:Bachelor's Degree, HS Degree or GED. Relevant proven experience will be considered in place of a bachelor's degree. CISSP and/or security certifications strongly preferred. 4-6 Years of experience in the Information Technology field, with a strong focus in performing IT Security related activities.OTHER SKILLS AND ABILITIES:Strong troubleshooting and analytical skills.Excellent written and verbal communication skills.Knowledge of conducting risk assessments and testing of controls.Strong knowledge in one or more of the following areas: governance, risk and compliance, endpoint/system security, network security, identity and access management and/or data security.Skilled in configuring, deploying, and monitoring corporate security tools.Familiarity with Incident Response processes and procedures.Knowledge of vulnerability management lifecycle.Ability to handle multiple tasks with attention to detail, and perform duties with minimal supervision.Ability to use discretion when handling confidential information.Self-motivated and frequently demonstrates initiative by going 'above and beyond' performing what is required for the position.MATHEMATICAL SKILLS:Able to add, subtract, multiply and divide in all units of measure, using whole numbers, common fractions and decimals. Able to compute rates, ratios and percent and to draw and interpret bar graphs.PHYSICAL DEMANDS:The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. While performing the duties of this job, the employee is frequently required to stand; walk; sit; use hands to finger, handle or feel; reach with hands and arms, climb or balance, stoop kneel, crouch, crawl; talk or hear and taste or smell. The employee must occasionally lift and/or move up to 25 pounds. Vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception and ability to adjust focus.WORK ENVIRONMENT:This position may qualify as Remote or Hybrid with a home base at one of Wescom's offices. The Remote or Hybrid status may be discontinued by Wescom in its sole discretion at any time and for any reason or no reason, with or without notice by Wescom or Employee. The work environment characteristics described here are representative of those an employee encounters while performing functions of this job. The noise level in the work environment is moderately quiet. It is a non-smoking environment.The above job requirements are representative of minimum levels of knowledge, skills, and abilities. The marginal functions have not been included. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.This job description in no way implies that these are the only duties to be performed. An employee will be required to follow any other job-related instructions and duties as requested by the supervisor and/or management.
#J-18808-Ljbffr