Location : Eugene, OR
Duration : Full Time (permanent position)
Responsible for oversight of monitoring, detection, alerting, and responding to threats and threat alerts to the Credit Union information.
- Implement, and administer the life cycle of information security systems, including, but not limited to: vulnerability scanners, Security Information Event Management (SIEM) systems, antivirus solutions, and physical and virtual testing environments.
- Develop, document, and maintain procedures for assigned information security systems.
- Research information security best practices, vulnerability/exploit trends, & new information security technology.
- Investigate and mitigate information security-related incidents, including suspected or confirmed system intrusions and other information security related activity in accordance with adopted policies and procedures.
- Regularly collaborate and coordinate with information security analysts at local and partner credit unions regarding information security trends, product evaluations, information security controls, new technologies, and ISP concerns.
- Participate in industry collaborative efforts to monitor and discuss emerging information security threat intelligence.
- Collaborate with business units regarding the information security risk within business unit activities, and recommend risk mitigation options that align with credit union policies and Information Security Program (ISP)
- Participate as a key member of the Cybersecurity Incident Response Team (CSIRT), to include coordinating yearly cyber incident response testing and documenting the results and lessons learned.
- Provide regular, ongoing physical and information security training for all employees.
- Tests information security controls regularly, including remediation verification testing.
- Administer and maintain an enterprise-wide information security vulnerability scanning regimen.
- Recommend changes to the Information Security Program (ISP) based on needs and/or best practices.
- Function as the information security Subject Matter Expert (SME), including but not limited to providing information security risk expertise toward information system risk assessment activities and participating in the evaluation process for new software and hardware systems.
- Lead the effort and coordinate with IT to complete the FFIEC Cybersecurity Assessment Tool (CAT) annually.
- Apply basic investigative techniques, including interviewing, validating factual information, and preparing clear and concise reports, written and oral.
- Actively engage and communicate with internal, external, and potential members in a friendly, professional manner in person, over the phone, and via e-mail.
- Adhere to federal and state regulations, Credit Union policies, and other compliance obligations.
- Consistently achieve stated goals.
- Actively participate in security, disaster recovery, fire training, and other meetings and training as requested.
- Demonstrate leadership skills and maintain Corporate Values, Mission Statement, and Service Promises.
- Represent the Credit Union with a high level of integrity and professionalism.
- Research, resolve and/or communicate issues and potential problems to management and/or other business units.
- Adapt to and endorse change to support Credit Union goals and direction.
- Perform other duties as assigned.
Reports To: Information Security Officer
Work areas are inside in a climate-controlled environment with moderate background noise. This position requires travel that may include overnight trips outside the area. Position requires a flexibility to work extended hours including some weekend and evening hours when needed to provide remote or onsite support for system maintenance and emergency security situations.
Material and Equipment Used
Computer, Fax Machine, Copier, Scanner, Phone, General Office Supplies , Automobile
Physical Activities Required To Perform Essential Functions
Mobility: Approximately 80% of time is spent working at a desk. Balance of time (approximately 20%) is spent moving around work areas.
Speaking/Hearing: Ability to effectively communicate with others by phone and in person.
Vision: Ability to effectively use a computer screen and interpret printed materials.
Lifting/Carrying: Ability to transport files and office supplies up to ten (10) pounds.
Stooping/Kneeling: Ability to access files in low cabinets and shelves.
Reaching/Handling: Ability to input information into computer systems and retrieve and work with appropriate paperwork, equipment and supplies.
- Excellent written and oral communication skills; ability to communicate effectively and project a professional image when giving and taking information in writing, in person and over the phone.
- Ability to effectively present information to top management, internal groups and/or outside parties.
- Strong interpersonal skills with the ability to work effectively with individuals and groups at all organizational levels; ability to work independently and as part of a team.
- Ability to read, analyze and interpret common security and computer industry publications and technical journals and regulations.
- Ability to respond to maintain composure while under pressure.
- Ability to define problems, collect data, establish facts and draw valid conclusions.
- Ability to interpret extensive variety of technical instruction in diagram form and deal with several abstract and concrete variables.
- Ability to take initiative, assume responsibility and prioritize tasks; good time-management, organizational, problem-prevention and problem-solving skills.
- Willingness and ability to adapt to changing business needs and deadlines.
- Ability to maintain confidentiality of sensitive information.
- Possess a work ethic that includes neatness, punctuality and accuracy.
- Exhibit a professional, business like appearance and demeanor.
- Ability to concentrate in environment with background noise and complete or resume tasks despite interruptions.
- High School Diploma or equivalent; and
- At least two (2) years of Information Security experience including use of information security tools and activities (e.g., vulnerability scanning, IDS/IPS, port scanning, penetration testing and remediation, malware analysis, and security alert investigation); and
- At least five (5) years of Information Technology experience; and
- Certified Information Systems Security Professional (CISSP), or similar certification (e.g. GIAC, CEH); and
- Valid Driver’s License; and
- Bachelor’s degree in Computer Science, Information Technology, or related field is preferred, but not required; and
- Programming experience (e.g. PowerShell, Python, PERL) is preferred, but not required; and
- Must be bondable.
Anirudh | Recruiter | Email: firstname.lastname@example.org
Direct: 678-783-7432 | Work: 404 315-1555 Ext.623 | Fax: 678-302-4488
Softpath System LLC | 3985 Steve Reynolds Blvd | Bldg C Norcross GA 30093