Information Security Compliance Officer
|Jun. 20, 2016 - Dec. 31, 2019|
|Salary Range:||60,000 - 75,000 annually|
|Department:||Elevations Credit Union|
|Description:||Elevations Credit Union is a member-owned not-for-profit financial institution serving more than 114,000 members along Colorado’s Front Range. Elevations provides a broad portfolio of financial products and services including checking and savings accounts, mortgage loans, credit cards, auto loans, home equity lines of credit, student loans, business loans and financial planning. Founded in 1953 as the U of C Federal Credit Union in Boulder, Elevations has grown from 12 members and less than $100 in assets to an institution that manages over $1.6 billion in assets and is the No. 1 credit union mortgage lender in Colorado. Elevations earned the prestigious Malcolm Baldrige National Quality Award, and Elevations was named one of the Best Companies to Work for in Colorado™ in the large category. Readers of local newspapers name Elevations “Best Bank/Financial Institution,” “Best Mortgage Lender” and “Best Customer Service” year after year. To learn more, visit elevationscu.com.|
Reporting to the AVP of Corporate Risk Management, this position will have responsibility for developing the Information Security Program and providing oversight and governance through individual responsibilities and as a member of the Information Security Oversight Committee. Recommend security improvements by assessing the current situation, evaluating trends, and anticipating requirements. Familiar with standard concepts, practices, and procedures related to information security, and maintains technical knowledge by attending educational workshops and reviewing publications. Ensure that we stay in compliance with regulatory guidance.
• Regularly perform audits and assessments of information systems, platforms, and operating procedures in accordance with established corporate standards:
o Determine security violations and inefficiencies
o Conduct and participate in security research about threats and vulnerabilities in order to suggest detection and protection improvements and means
o Perform risk assessments and testing of data processing systems
o Review and validate self-assessments
o Conduct functionality and gap analyses to determine the extent to which key business areas and infrastructure comply with statutory and regulatory requirements
o Tracks remediation of assessment and audit findings including testing of mitigation
• Keep abreast of evolving technologies to ensure appropriate security controls are implemented and maintained as organization processes change
• Identify security risks to the organization, evaluate and recommend appropriate security measures and, from a strategic perspective, help management understand the risks and the need to reduce them to acceptable levels
• Obtain or develop policies and procedures for submission to Risk Oversight Committee for approval/adoption
• Maintain and update Incident Response Program as well as lead event management, prepare Incident Reporting and Follow-up
• Develop IT Risk Alert response and monitoring
• Oversee investigations, suggest corrective actions and ensure information diffusion regarding targeted or potentially targeted areas
• Escalates potential risk and internal control weaknesses to management.
• Maintains the Logical Security Access program documentation through effective documentation of the access privileges to all systems related to the core data processing system and routine review of access. Monitors Logical Security Access and Physical Security Access change requests and facilitates the process.
• Maintains the program documentation for the Information Security Program
• Aids development and maintenance of Data Classification strategy including:
o Reconnaissance of data
o Align with information classification policy
o Move/delete/restrict data
o Review logical access
o Introduce Data loss prevention
• Prepares, monitors, creates and customizes various Corporate Risk Management and Information Security reports and Dashboards.
• Ensure that educational and communication programs are conducted to enhance the general security awareness
• Ensure the cyber-security insurance policy is appropriate for the size and complexity of the organization and file claims as needed
• 4-year college degree or equivalent work experience; A+ Security, CISA, or other relevant information security certifications preferred
Knowledge, Experience and Skill Requirements:
• 2-4 years of experience in Information Security
• 1-3 years Risk Management preferred
• Knowledge of System Administration, Network Security, Information Security Policies, Network Troubleshooting, Firewall Administration, Network Protocols, Routers, Hubs, and Switches preferred
• The ability to write effectively, to explain information security in layperson terms
• Possess the ability to effectively develop issue papers, memorandums, letters, work plans, and other types of written communication
This Job Description is not a complete statement of all duties and responsibilities of this position and may change with or without notice.
Candidates for certain positions may be required to submit to a credit history report in determining qualification for employment with Elevations Credit Union. If the position you are applying for requires a credit history report, any information received in such report will not be the sole factor in making an employment decision. A history of personal financial irresponsibility may be reason for disqualification insofar as it relates to your potential job duties. Elevations Credit Union is aware that occasionally there are extenuating circumstances that may affect an individual's credit history. We comply with the Fair Credit Reporting Act and the Colorado Employment Opportunity Act.
We are proud to be an EEO/AA employer M/F/D/V.
Elevations provides equal employment opportunity to all individuals regardless of their race, color, creed, religion, gender, age, sexual orientation, national origin, disability, veteran status, or any other characteristic protected by state, federal, or local law.