SUMMARY
The Information Security Analyst will maintain the credit union’s information security program. The Information Security Analyst’s primary responsibility is the safeguarding of credit union information, by (1) evaluating the impact on the Credit Union’s security program resulting from changing business arrangements and changes to Credit Union information systems; (2) documenting compliance with NCUA Regulation 748 A&B, FFIEC, and PCI guidelines and other applicable local, state and federal rules and regulations; and (3) keeping management and the Board of Directors informed of the current status of the Credit Union’s information security program.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
- Plan and maintain the Credit Union’s Information Security Program to ensure the confidentiality, integrity, and availability of information managed by the Credit Union.
- Ensure the organization’s approach to managing information security is reviewed independently at least annually, or when major changes to security implementation occur.
- Report on vulnerability scanning activity quarterly.
- Ongoing completion and delivery of: information security risk assessments, security controls evaluation and testing, project and product development consultation.
- Ensure that programs and policies comply with governmental and industry regulatory standards to include, but are not limited to FFIEC handbook, GLBA, NCUA Regulation 748 A&B, PCI DSS, and HIPAA.
- Collaborate across the organization with Information Systems, Internal Audit, Facilities, Security and other departments to maintain and continue to develop enterprise data-security practices for employees, data, software applications, hardware, stored records, and telecommunications.
- Responsible for information security incident response plan maintenance, execution, remediation tracking and reporting, as well as responding to information security incidents or potential incidents in coordination with relevant Credit Union business units.
- Develop and maintain current and effective information security policies and standards.
- Consult with Information Systems and other business units during project and product development efforts. Ensure appropriate security controls are considered during vendor selection and development efforts.
- Maintain the organization’s Information Asset Inventory (register of applications and / or services with access to Credit Union data.)
- Periodically report to Executive Management and the Board of Directors on pertinent information security program developments.
- Ensure all employees receive mandatory training in information security awareness and information security policies, guidelines and procedures. Oversee the training process, including related educational materials and presentations, and ensure the understanding of their obligations and responsibilities within the objectives of the information security policy and program.
- Monitor and regularly report on regulations and technology trends that affect financial institutions.
- Establish and maintain the appropriate contacts with special interest groups or other specialist security forums, and professional associations.
- Perform other duties as may be assigned.
BANKING ON PURPOSE
While many things have changed throughout our long history as a credit union, acting with purpose—whether it’s serving our members, giving back to our communities, or cultivating our employees—has remained the foundation of what we do. Banking On Purpose explains our character and motivation. It drives our decision-making, and is the underlying reason why people should choose us as an employer and financial institution. Banking on Purpose is not just a tagline—it is our mission and vision, both internally and externally.
Required Skills
OTHER JOB QUALIFICATIONS:
- Must be an information security practitioner with at least 3+ years of hands on experience in managing information and cyber security risks.
- Good level of understanding of financial operations and technology
- Results driven with strategic qualities
- Ability to engage and motivate performance in others
- High degree of responsibility and integrity
Required Experience
EDUCATIONAL AND WORK EXPERIENCE REQUIREMENTS:
- Bachelor’s degree in computer science, information systems, business administration, accounting, finance, or related discipline.
- Global Information Assurance Certification (GIAC) and/or Certified Information System Security Professional (CISSP) required
- Knowledge of national regulatory compliance standards and frameworks such as GLBA, NCUA Regulation 748 A&B; HIPAA; and PCI DSS would be beneficial.
PHYSICAL REQUIREMENTS: To perform this job successfully, the employee must be able to perform each essential job duty satisfactorily. All employees must be able to communicate face to face or through technology with or without reasonable accommodation. Employee will be in an office environment (well-lighted, heated and air-conditioned) typically stationed at a desk or table. Employee will be asked to sit and stand for various increments of time, and to lift/push up 10 lbs. Clerical office duties on various forms of technology are required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions.
SAFE ACT DISCLOSURE: All positions that have lending responsibilities must comply with all requirements under the SAFE ACT, as well as the union’s policies and procedures related to the SAFE ACT. This includes an obligation on the employee’s part to ensure that NMLA registration pertaining to the SAFE ACT is kept current. The employee must notify the credit union within 30 days of any changes that need to be reflected on the NMLS Registry.
EEO DISCLOSURE: Georgia’s Own Credit Union is an equal opportunity employer and will not discriminate against any employee or applicant on the basis of age, color, disability, gender, national origin, race, religion, sexual orientation, veteran status, or any classification protected by federal, state, or local law. Consistent with obligations under federal law, every company that is a federal contractor or subcontractor is committed to taking affirmative action to employ and advance women, minorities, disabled veterans, special disabled veterans, veterans of the Vietnam era, and other eligible veterans.