Eastman Credit Union is seeking an Information Security Analyst. Reporting to the Manager of Information Security, the Information Security Analyst will provide technical and administrative support for the management of the information security program.  Responsibilities include the following:

  • Responsible for daily operational security reports and other metrics to ensure operational conformity to           program guidelines and to identify security anomalies and potential security threats.   • Assists in the development of security architecture and security policies, principles, and standards.   • Leads internal penetration testing projects and other ethical hacking activities to validate and test                  information security controls under the direction of information security leadership.   • Works with information security leadership to develop strategies and plans to enforce security                       requirements and address identified risks.   • Researches, evaluates, and recommends information security related hardware and software, including           business cases for security investments.   • Serves in the information security responsibility role on any projects that impact information security to           ensure that security issues are addressed throughout the project life cycle.   • Coordinates all remediation activities related risk and security assessments and audits. These activities             include providing suggestions on management response to findings, and tracking progress and providing         status updates to information security leadership.   • Performs information security audit and control functions such as user access reviews, network account           auditing, and periodic process control tests.   • Develops and administers processes and procedures for network account and access management, such           as account provisioning and de-provisioning and role based access control.   • Participates in information security governance and oversight by serving as a member of the information          security committee.   • Assists in the investigation, analysis, and resolution of reported security incidents.   • Collaborates with various business units to identify security requirements using methods such as risk               analysis and business impact analysis.   • Stays abreast of information security industry developments, external threats, vendor community, and best       practices. Participates in industry collaborative efforts to monitor emerging security threats.   • Participates in various information security training and awareness activities for employees and members.   • Completes various information security projects and tasks as assigned.

Required Skills

REQUIRED SKILLS:

  • Strong technical knowledge of information security principles, including risk assessment and management,       threat and vulnerability management, incident response, and identity and access management.   • Good overall understanding of information technology infrastructures, including servers, storage, routers,       switches, firewalls, and associated network protocols and concepts   • Knowledge of relevant legal and regulatory requirements, and security industry best practices   • Financial services industry familiarity   • Excellent written and verbal communication skills   • Critical thinker, with strong problem solving skills

Required Experience

REQUIRED EXPERIENCE:

  • 5+ years in I/T, information security, auditing or risk management.   • Bachelor's degree in information technology, information security, or relevant business related                         field preferred   • Certification preferred: CompTIA Security+, CEH, CISSP, GSEC, etc

REQUIRED SKILLS:

  • Strong technical knowledge of information security principles, including risk assessment and management,       threat and vulnerability management, incident response, and identity and access management.   • Good overall understanding of information technology infrastructures, including servers, storage, routers,       switches, firewalls, and associated network protocols and concepts   • Knowledge of relevant legal and regulatory requirements, and security industry best practices   • Financial services industry familiarity   • Excellent written and verbal communication skills   • Critical thinker, with strong problem solving skills