Information Security Analyst

Feb. 23, 2018 - Feb. 23, 2021
Location:Boulder, CO
Exempt/Non-Exempt:Exempt
Benefits:Full Benefits
Type:Full Time
Department:Elevations Credit Union
Description:Position Summary: The Information Security Analyst is responsible for maintaining the confidentiality, integrity, and availability of data by coordinating and completing Information Security Program projects that protect Elevation’s network and systems. As a member of the Information Security Oversight Committee, the analyst will recommend security improvements by assessing current situations, evaluating trends, and anticipating future requirements. The analyst will be committed to designing, implementing, and improving processes to allow Elevations to identify and remediate risks and compliance gaps, to improve oversight of its risk posture, and to assure Elevation’s compliance with enterprise risk, compliance, and security programs.

Adheres to all Federal and State laws and regulations governing and applicable to the Credit Union, including the Bank Secrecy Act.

Major Duties and Responsibilities
• Coordinates audits and assessments of information systems, platforms, and operating procedures in accordance with established corporate standards:
o Performs risk assessments and testing of data processing systems
o Reviews and validates self-assessments
o Conducts functionality and gap analyses to determine the extent to which key business areas and infrastructure complies with statutory and regulatory requirements
o Tracks remediation of assessment and audit findings including testing of mitigation
• Keeps abreast of evolving technologies to ensure appropriate security controls are implemented and maintained as organization processes change
• Under guidance of the Information Security Oversight Committee, obtains and develops policies and procedures for submission to Risk Oversight Committee for approval/adoption
• Under guidance of the Information Security Oversight Committee, maintains and updates the Incident Response Program, as well as leads event management, prepares Incident Reporting and Follow-up
• Oversees investigations, suggests corrective actions and ensures information diffusion regarding targeted or potentially targeted areas
• Escalates potential risk and internal control weaknesses to management
• Maintains the Logical Security Access program documentation through effective documentation of the access privileges to all systems related to core data processing system and routine review of access. Monitors Logical Security Access and Physical Security Access change requests and facilitate process
• Maintains the program documentation for the Information Security Program
• Prepares, monitors, creates and customizes various Information Security reports and Dashboards.
• Ensures that educational and communication programs are conducted to enhance the general security awareness

Expectations:
• Business Partnerships – Proactively builds effective working relationships between individuals, teams, major areas of the organization, and/or external groups to achieve ones goals
• Customer Focus - Sets priorities, makes timely decisions, and takes actions to meet customer’s expectations
• Communication - Excellent communication/influence skills required, including reports; presentations; group facilitation skills; ability to develop professional relationships
• Team Player - Works cooperatively with others to help business line(s) achieve their goals
• Operational Efficiency - Provides insight to improve business processes to optimize IT Department and Information Security Team efficiency
• Quality Oriented - Self-imposes high standards of performance excellence for self and others, assuming responsibility and accountability for successfully completing assignments or tasks
• Driven - Goes above and beyond job requirements in order to achieve results
• Multi-Tasking - Able to execute multiple projects within required timelines and expectations
• Follows up to ensure intended actions are accomplished and results are achieved, seeks suggestions for improvement
• Self-Driven - Effectively manages one’s time and resources to ensure that work is completed efficiently with limited supervision
• IT Knowledge - Working knowledge and understanding of financial institution operation and business processes, including technology solutions used in financial institution operations
• Analysis - Demonstrated conceptual thinking and analytical skills

Knowledge, Experience and Skill Requirements:
• 4-6 years of experience in IT with 2-4 years of that time in Information Security
• Risk Management experience preferred
• Background/experience with ITIL preferred but not required
• Background/experience with Agile methodologies preferred but not required
• The ability to write effectively, to explain information security in layperson terms
• Possess the ability to effectively develop issue papers, memorandums, letters, work plans, and other types of written communication
Email Job to a Friend!
 

Managed by Job Match LLC, All Rights Reserved - iApplicants™ Applicant Tracking System © Copyright 2005-2018