SUMMARY:
Develop and administer system and information ownership; information and data classification guidelines; standards and procedures. Develop, establish and maintain standards, procedures and guidelines to promote the security and uninterrupted operation of computer-based applications of the Information Systems department. Identify and address exposures to accidental or intentional destruction, disclosure, modification, or interruption of information that may cause serious financial and/or information risks. Be responsible for the protection of the Credit Union’s assets and information which are processed by or stored in Credit Union computerized information systems.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
- Corporate
- Keep department staff and/or Credit Union staff informed of any pertinent information that may have a negative impact on credit union operations.
- Operates within the organization’s formal and informal structures, builds allies and relationships across departments, uses allies to build consensus and create results, understands others’ roles and perspectives, and can sell projects and ideas across the organization.
- Use good judgment when adhering to department and end user and/or member confidentiality.
- Generate new ideas, challenge the status quo, support change and use creativity to solve problems through a commitment to the use of innovative and modern approaches to work.
- Ensure the AVP of Information Systems receives an update at least one time a week on “critical items” affecting Information Security.
- Service Desk Response
- Monitor the Help Desk queue for new tickets and ensure tickets are routed to the appropriate area for resolution. Report any aged tickets to a department senior manager.
- Maintain the Help Desk ticketing environment to include categorization and prioritization of all incoming tickets in order to obtain resolution within defined service level requirements.
- Ensure response of at least 90% of all request/problems submitted through the ticketing system within the defined priority response of the Information Systems Service Level Agreement.
- Assist end users in learning new applications and processes, troubleshooting and when applicable offer solutions to provide more effective use of technology in order to build customer confidence and increase customer satisfaction.
- Shows sensitivity toward social issues and causes that are important to employees and/or customers.
- Clearly let staff know true intentions and expectations.
- Be responsive and receptive in a respectful and friendly manner in order to provide coworkers with personalized attention.
- Strive to always be proactive while remaining flexible and adaptive to the evolving needs of all Credit Union staff.
- Service Desk Resolution
- Manage all Credit Union security/network issues reported.
- Apply basic trouble shooting techniques for both hardware and software applications via telephone and email and determine if Level 2 support staff should be dispatched.
- Responsible for providing detailed documentation to vendor(s) when vendor support is required.
- Ensure resolution of at least 90% of all request/problems submitted through the ticketing system within the defined priority resolution time of the Information Systems Service Level Agreement. As necessary work with other team members for routing/escalating request/problems as needed for resolution.
- Infrastructure – Network: Maintain a scalable and sustainable infrastructure to ensure security, stability, and dependability.
- WAN/LAN Management, Hosting, Availability and Monitoring of Telecom Infrastructure (Switches/APs,MPLS,Cellular,Fiber,DSL,Ethernet,SIP,PRI,T1,POTS,etc)
- Firewall Admin and Hosting
- VPN Admin and Hosting
- DR Management and Hosting
- Maintain assigned OLA’s
- BCP Architecture, Design, Management and Hosting for IT Infrastructure
- Disaster Recovery – UAT and data validation
- Internet Proxy (access) Management and Hosting
- Security Appliance Management (IDS,IPS)
- Patch Management Systems
- IT Security and Network Infrastructure Architecture, Design and Documentation
- Security Policies and Process for Infrastructure (IS Specific)
- Remote Support after hours as needed
- 24/7 monitoring solutions with on call escalation as needed
- Security
- Develop and manage information security policies, procedures, standards and practices to safeguard the electronic data and systems hosted at the credit union
- Develop and maintain security standard and practices, and procedures for staff (both IS and Employee)
- Contract for third-party security audits to satisfy credit union’s due diligence of operations
- Manage credit union security layers including:
- DLP for network traffic (email and web) and end user devices
- UTM (spam, application, web, etc)
- IPS/IDS
- Endpoint Protection (AV, Zero-Day, APT)
- NAC and Rogue Device Detection
- LEM/SIEM (logging, event correlation)
- DDoS
- MDM Security Policies
- DNS
- Security Patching of all credit union technology infrastructure in all credit union locations
- Servers / Appliances /Workstations (PC’s / MACs) / Mobile Devices (Tablet / Smartphone / Laptop)
- Security Incident Response, reporting and mitigation
- Response to Vulnerability and Penetration testing of credit union network and infrastructure on a quarterly basis
- Mitigation of all items found in quarterly Vulnerability and Penetration testing
- System and Application access controls and logging
- Participate in credit union audits.
- Review and audit security policies for conformity with regulations
- Partner with the credit union Enterprise Risk Management team and/or other business units as necessary to satisfy compliance needs
- Management of credit union technical security/compliance strategies
- Staff Security Training & Awareness
- Annual Penetration Testing
- Enforcement of DLP standards and practices
- Mitigation of onsite security related events and Incident Response Management
- Vendor Management –
- Ensure 3rd Party solutions meet defined security process, procedures, etc.
- Provide and manage remote access solution from 3rd Party Vendors to the credit union
- Assist with risk rating of vendors
- Review proposed innovation/application/3rd Party systems to ensure appropriate security measures are in place
- Develop, apply, and evaluate regulatory policies and procedures for the department; ensure that staff comply with policies and procedures and understand changes in requirements; maintain a thorough knowledge of policies and procedures and trends in the credit union.
- Perform other duties as may be assigned
WHILE MANY THINGS HAVE CHANGED THROUGHOUT OUR LONG HISTORY AS A CREDIT UNION, ACTING WITH PURPOSE—WHETHER IT’S SERVING OUR MEMBERS, GIVING BACK TO OUR COMMUNITIES, OR CULTIVATING OUR EMPLOYEES—HAS REMAINED THE FOUNDATION OF WHAT WE DO. BANKING ON PURPOSE EXPLAINS OUR CHARACTER AND MOTIVATION. IT DRIVES OUR DECISION-MAKING, AND IS THE UNDERLYING REASON WHY PEOPLE SHOULD CHOOSE US AS AN EMPLOYER AND FINANCIAL INSTITUTION. BANKING ON PURPOSE IS NOT JUST A TAGLINE—IT IS OUR MISSION AND VISION, BOTH INTERNALLY AND EXTERNALLY.
Required Skills
OTHER JOB QUALIFICATIONS:
- Teamwork: works well with teammates locally and at remote offices; shares knowledge and is seen as someone to go to for help; contributes in peer meetings. Help foster a work environment of trust, and openness.
- Problem solving and decision making: demonstrates a sense of urgency; takes ownership of problems and follows temporary fixes with permanent solution.
- Communication: is clear and accurate in verbal and written communication; listens to peers and supported employees; follows directions and provides useful feedback.
- Professionalism: makes a positive impression in person, via phone, and electronically; models a “can-do” attitude; embraces additional responsibility; refrains from office gossip or conflict; works extra hours as-needed to ensure work is complete; adheres to corporate policy and encourages others to do the same.
- Must be willing to work as needed at any time on any day to ensure Credit Union operations are unaffected.
Required Experience
EDUCATIONAL AND WORK EXPERIENCE REQUIREMENTS:
- Minimum 5 years’ experience in technical field required.
- Minimum Bachelor’s Degree or equivalent security certifications.
- Experience in Credit Union or financial industry required.
SKILLS:
- Knowledge and experience working with Fortigate appliances is a strong advantage.
- Expert understanding of DLP technologies, VPN technologies, and next generation Firewall technologies.
- Knowledge of network design, IP management techniques, routing protocols (MPLS, BGP and OSPF) and encryption.
- Knowledge and experience with Shoretel VoIP phone systems and QoS.
- Experience with network management monitoring tools such as Nagios, Cacti, etc.
- Ability to coordinate corporate responsibilities with vendors.
PHYSICAL REQUIREMENTS: To perform this job successfully, the employee must be able to perform each essential job duty satisfactorily. All employees must be able to communicate face to face or through technology with or without reasonable accommodation. Employee will be in an office environment (well-lighted, heated and air-conditioned) typically stationed at a desk or table. Employee will be asked to sit and stand for various increments of time, and to lift/push up 10 lbs. Clerical office duties on various forms of technology are required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions.
SAFE ACT Disclosure
All positions that have lending responsibilities must comply with all requirements under the SAFE ACT, as well as the union’s policies and procedures related to the SAFE ACT. This includes an obligation on the employee’s part to ensure that NMLA registration pertaining to the SAFE ACT is kept current. The employee must notify the credit union within 30 days of any changes that need to be reflected on the NMLS Registry.
EEO Disclosure
Georgia’s Own Credit Union is an equal opportunity employer and will not discriminate against any employee or applicant on the basis of age, color, disability, gender, national origin, race, religion, sexual orientation, veteran status, or any classification protected by federal, state, or local law. Consistent with obligations under federal law, every company that is a federal contractor or subcontractor is committed to taking affirmative action to employ and advance women, minorities, disabled veterans, special disabled veterans, veterans of the Vietnam era, and other eligible veterans.