Wescom
Sr. Information Security Analyst (Data Security)
Wescom, Anaheim, California, United States, 92808
Please use Firefox or Chrome internet browser to complete this application.
Current Wescom Employees:
Please visit the Career Center in Workday to search and apply for a current job opening.
We value and rely on the unique talents and contributions of our employees to absolutely excel in member engagement by Delivering Signature Experience.
Salary Grade:
161E
Salary Pay Range for This Position:
$111,400.00 - $172,700.00
POSITION SUMMARY:The Sr. Information Security Analyst is part of the Wescom Information Security department. This position is responsible for supporting and maintaining the necessary functions of Wescom’s information security program. The senior analyst will act as the subject matter expert for one or more of the following areas: governance, risk and compliance, endpoint/system security, network security, identity and access management and/or data security. This opportunity will provide exposure to a wide range of security technology in a supportive organization where data security is a company priority. As a senior member of the team, this position will provide guidance to other team members on technical and business-related issues.
ESSENTIAL POSITION FUNCTIONS:The responsibilities for the subject matter expert for Data Security may include the following activities:
Maintenance of tools, policies and procedures related to the data security program.
Maintain an accurate data classification system that aligns with the data stored in the environment.
Ensure that all data is properly identified and labeled according to classification.
Ensure that data is protected and monitored according to its risk rating.
The responsibilities for the subject matter expert for Governance, Risk and Compliance may include the following activities:
Conduct security reviews for third party vendors.
Assist with information risk assessments of existing or new services and technologies, along with business counterparts.
Maintenance of control inventory and their effectiveness.
Review and monitor applicable laws, regulations, standards and frameworks to ensure compliance of the information security program.
The responsibilities for the subject matter expert for Endpoint/System Security may include the following activities:
Security of workstation and servers including the management of EDR, UEBA, FIM and asset management.
Hardening of systems following industry benchmarks such as CIS.
Maintenance of SIEM platform and associated log sources.
Oversee the remediation of endpoint and system vulnerabilities.
The responsibilities for the subject matter expert for Network Security may include the following activities:
Security of the network including network segmentation, network access control, firewall policy monitoring, attack surface management and network threat monitoring.
Identification of vulnerabilities in applications through static and dynamic testing.
Protection of applications utilizing application firewalls.
Hardening of network systems following industry benchmarks such as CIS.
The responsibilities for the subject matter expert for Identity and Access Management may include the following activities:
Manage the Identity Governance and Administration tool and all integrations.
Security of identities and privileged accounts and all necessary technology including privileged access management, password vault, multi-factor authentication and identity detection and response.
Establish and maintain role-based access and separation of duties.
Subject matter experts should be cross-trained across multiple domains to provide backup and assistance to other areas as needed.
Lead the evaluation, implementation, selection, implementation, and maintenance of new solutions for the credit union.
Provide technical guidance to other team members.
Identify opportunities for improvement within the information security program.
Conduct security risk assessments that analyze both security controls and technical vulnerabilities.
Monitor server logs, firewall logs, intrusion detection logs, and network traffic for unusual or suspicious activity. Interpret activity and make recommendations for resolution and/or prevention.
Keep current with emerging security issues, trends and tools.
Execute Security Awareness activities including internal phishing campaigns.
Assist with gathering information security metrics to measure the effectiveness of the security program.
EDUCATION AND EXPERIENCE:
Bachelor’s Degree, HS Degree or GED. Relevant proven experience will be considered in place of a bachelor’s degree.
CISSP and/or security certifications strongly preferred.
4-6 Years of experience in the Information Technology field, with a strong focus in performing IT Security related activities.
OTHER SKILLS AND ABILITIES:
Strong troubleshooting and analytical skills.
Excellent written and verbal communication skills.
Knowledge of conducting risk assessments and testing of controls.
Strong knowledge in one or more of the following areas: governance, risk and compliance, endpoint/system security, network security, identity and access management and/or data security.
Skilled in configuring, deploying, and monitoring corporate security tools.
Familiarity with Incident Response processes and procedures.
Knowledge of vulnerability management lifecycle.
Ability to handle multiple tasks with attention to detail, and perform duties with minimal supervision.
Ability to use discretion when handling confidential information.
Self-motivated and frequently demonstrates initiative by going “above and beyond” performing what is required for the position.
MATHEMATICAL SKILLS:Able to add, subtract, multiply and divide in all units of measure, using whole numbers, common fractions and decimals. Able to compute rates, ratios and percent and to draw and interpret bar graphs.
PHYSICAL DEMANDS:The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. While performing the duties of this job, the employee is frequently required to stand; walk; sit; use hands to finger, handle or feel; reach with hands and arms, climb or balance, stoop kneel, crouch, crawl; talk or hear and taste or smell. The employee must occasionally lift and/or move up to 25 pounds. Vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception and ability to adjust focus.
WORK ENVIRONMENT:This position may qualify as Remote or Hybrid with a home base at one of Wescom’s offices. The Remote or Hybrid status may be discontinued by Wescom in its sole discretion at any time and for any reason or no reason, with or without notice by Wescom or Employee.
The work environment characteristics described here are representative of those an employee encounters while performing functions of this job. The noise level in the work environment is moderately quiet. It is a non-smoking environment.
The above job requirements are representative of minimum levels of knowledge, skills, and abilities. The marginal functions have not been included. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
This job description in no way implies that these are the only duties to be performed. An employee will be required to follow any other job-related instructions and duties as requested by the supervisor and/or management.
If you are applying for a Hybrid/Remote position, please note applicants are required to reside within our Wescom service areas which are defined as the following counties: Los Angeles, Orange, San Bernardino, Riverside, Ventura, Santa Barbara, San Diego, Imperial, Fresno, Kern, Kings, Madera, Merced, Mariposa, Monterey, San Benito, San Joaquin, San Luis Obispo, Santa Cruz, Stanislaus and Tulare counties.
#J-18808-Ljbffr
Current Wescom Employees:
Please visit the Career Center in Workday to search and apply for a current job opening.
We value and rely on the unique talents and contributions of our employees to absolutely excel in member engagement by Delivering Signature Experience.
Salary Grade:
161E
Salary Pay Range for This Position:
$111,400.00 - $172,700.00
POSITION SUMMARY:The Sr. Information Security Analyst is part of the Wescom Information Security department. This position is responsible for supporting and maintaining the necessary functions of Wescom’s information security program. The senior analyst will act as the subject matter expert for one or more of the following areas: governance, risk and compliance, endpoint/system security, network security, identity and access management and/or data security. This opportunity will provide exposure to a wide range of security technology in a supportive organization where data security is a company priority. As a senior member of the team, this position will provide guidance to other team members on technical and business-related issues.
ESSENTIAL POSITION FUNCTIONS:The responsibilities for the subject matter expert for Data Security may include the following activities:
Maintenance of tools, policies and procedures related to the data security program.
Maintain an accurate data classification system that aligns with the data stored in the environment.
Ensure that all data is properly identified and labeled according to classification.
Ensure that data is protected and monitored according to its risk rating.
The responsibilities for the subject matter expert for Governance, Risk and Compliance may include the following activities:
Conduct security reviews for third party vendors.
Assist with information risk assessments of existing or new services and technologies, along with business counterparts.
Maintenance of control inventory and their effectiveness.
Review and monitor applicable laws, regulations, standards and frameworks to ensure compliance of the information security program.
The responsibilities for the subject matter expert for Endpoint/System Security may include the following activities:
Security of workstation and servers including the management of EDR, UEBA, FIM and asset management.
Hardening of systems following industry benchmarks such as CIS.
Maintenance of SIEM platform and associated log sources.
Oversee the remediation of endpoint and system vulnerabilities.
The responsibilities for the subject matter expert for Network Security may include the following activities:
Security of the network including network segmentation, network access control, firewall policy monitoring, attack surface management and network threat monitoring.
Identification of vulnerabilities in applications through static and dynamic testing.
Protection of applications utilizing application firewalls.
Hardening of network systems following industry benchmarks such as CIS.
The responsibilities for the subject matter expert for Identity and Access Management may include the following activities:
Manage the Identity Governance and Administration tool and all integrations.
Security of identities and privileged accounts and all necessary technology including privileged access management, password vault, multi-factor authentication and identity detection and response.
Establish and maintain role-based access and separation of duties.
Subject matter experts should be cross-trained across multiple domains to provide backup and assistance to other areas as needed.
Lead the evaluation, implementation, selection, implementation, and maintenance of new solutions for the credit union.
Provide technical guidance to other team members.
Identify opportunities for improvement within the information security program.
Conduct security risk assessments that analyze both security controls and technical vulnerabilities.
Monitor server logs, firewall logs, intrusion detection logs, and network traffic for unusual or suspicious activity. Interpret activity and make recommendations for resolution and/or prevention.
Keep current with emerging security issues, trends and tools.
Execute Security Awareness activities including internal phishing campaigns.
Assist with gathering information security metrics to measure the effectiveness of the security program.
EDUCATION AND EXPERIENCE:
Bachelor’s Degree, HS Degree or GED. Relevant proven experience will be considered in place of a bachelor’s degree.
CISSP and/or security certifications strongly preferred.
4-6 Years of experience in the Information Technology field, with a strong focus in performing IT Security related activities.
OTHER SKILLS AND ABILITIES:
Strong troubleshooting and analytical skills.
Excellent written and verbal communication skills.
Knowledge of conducting risk assessments and testing of controls.
Strong knowledge in one or more of the following areas: governance, risk and compliance, endpoint/system security, network security, identity and access management and/or data security.
Skilled in configuring, deploying, and monitoring corporate security tools.
Familiarity with Incident Response processes and procedures.
Knowledge of vulnerability management lifecycle.
Ability to handle multiple tasks with attention to detail, and perform duties with minimal supervision.
Ability to use discretion when handling confidential information.
Self-motivated and frequently demonstrates initiative by going “above and beyond” performing what is required for the position.
MATHEMATICAL SKILLS:Able to add, subtract, multiply and divide in all units of measure, using whole numbers, common fractions and decimals. Able to compute rates, ratios and percent and to draw and interpret bar graphs.
PHYSICAL DEMANDS:The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. While performing the duties of this job, the employee is frequently required to stand; walk; sit; use hands to finger, handle or feel; reach with hands and arms, climb or balance, stoop kneel, crouch, crawl; talk or hear and taste or smell. The employee must occasionally lift and/or move up to 25 pounds. Vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception and ability to adjust focus.
WORK ENVIRONMENT:This position may qualify as Remote or Hybrid with a home base at one of Wescom’s offices. The Remote or Hybrid status may be discontinued by Wescom in its sole discretion at any time and for any reason or no reason, with or without notice by Wescom or Employee.
The work environment characteristics described here are representative of those an employee encounters while performing functions of this job. The noise level in the work environment is moderately quiet. It is a non-smoking environment.
The above job requirements are representative of minimum levels of knowledge, skills, and abilities. The marginal functions have not been included. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
This job description in no way implies that these are the only duties to be performed. An employee will be required to follow any other job-related instructions and duties as requested by the supervisor and/or management.
If you are applying for a Hybrid/Remote position, please note applicants are required to reside within our Wescom service areas which are defined as the following counties: Los Angeles, Orange, San Bernardino, Riverside, Ventura, Santa Barbara, San Diego, Imperial, Fresno, Kern, Kings, Madera, Merced, Mariposa, Monterey, San Benito, San Joaquin, San Luis Obispo, Santa Cruz, Stanislaus and Tulare counties.
#J-18808-Ljbffr