Job Classification: Full Time (40 hours/week)
FLSA Status: Exempt
Department: Information Technology (IT)
Reports To: VP of IT
Job Overview
The Information Security Analyst plays a crucial role in safeguarding our company's information assets, with a special focus on our credit union members’ financial and personal data. This role involves applying a full range of cybersecurity practices across the organization and working with various information types. There are advancement opportunities within the company for motivated individuals. This role offers a unique opportunity to protect critical information assets and contribute to the security posture of our organization. If you are passionate about cybersecurity and looking for a role that offers growth and challenge, we encourage you to apply.
Major Tasks, Responsibilities and Key Accountabilities
- Support and contribute to the Information Security Plan (ISP), its vision, and roadmap in response to changing business needs and regulations.
- Act as a key member of the incident response team as outlined in the Incident Response Plan (IRP).
- Help develop and support security policies, standards, and procedures to provide administrative controls for the ISP.
- Ensure compliance with industry regulations and accepted frameworks.
- Conduct regular information security risk assessments, gap analyses, and contribute to clear, detailed technical reports and documentation.
- Utilize cybersecurity tools and platforms for security data analysis and action recommendations.
- Perform vendor analysis for due diligence related to third-party risk management.
- Contribute to vendor and managed security service provider (MSSP) relationships, including selection and vetting.
- Review and report on technical security assessments, including audits, vulnerability scans, and penetration tests.
- Assist in the preparation and execution of regulatory examinations and external audits.
- Administer information security internal audits and report on ISP compliance, KPIs, metrics, and the effectiveness of IT and security systems.
- Collaborate on recommendations to improve security and compliance.
- Create and monitor internal tickets and ensure corrective actions from audits are implemented.
- Prepare and present reports and technical information to management.
- Provide risk/control expertise, advice, and support to various business units.
- Develop and deliver information security awareness training and phishing simulations.
- Participate in security briefings, meetings, and committees.
- Provide after-hours support for security projects, events, or incidents as needed.
- Collaborate on departmental budget planning.
- Follow processes and procedures established to ensure compliance with the Bank Secrecy Act (BSA). Complete required annual BSA training to ensure you understand your responsibilities that apply to BSA, including:
  - Understanding of BHCCU’s policies and procedures, as well as all rules and regulations which pertain to BSA.
- Other duties as assigned.
Major Skills and Competencies
- Knowledge of financial institution regulatory requirements from NCUA, Wisconsin DFI/OCU, Federal Reserve, FFIEC, preferred. Familiarity with frameworks like NIST, PCI, MITRE ATT&CK, etc. a plus.
- Familiarity with security and training/testing tools such as Arctic Wolf SIEM/MDR, Sophos EDR/XDR, Mimecast, Egress, Cisco Umbrella, Nessus, KnowBe4, or similar is preferred.
- Exceptional written and oral communication skills, with the ability to interact effectively at all organizational levels.
- Critical thinking, problem-solving skills, and a willingness to lead and execute.
- Comprehensive knowledge of technology systems, networks, and basic cybersecurity concepts.
- Ability to work independently and in team settings.
- Valid driver’s license and ability to provide your own transportation.
Physical Job Requirements
- Ability to move about and communicate with a diverse membership and employee group.
- Ability to accomplish the described responsibilities using computers and technology.
- Ability to sit and/or stand for extended periods of time.
- Ability to work in a changing, challenging, and fast-paced work environment.
- Variable stress levels.
- Occasional business travel.
Environmental Job Requirements
Typically located in a comfortable, quiet indoor area. There may be regular exposure to mild physical discomfort from factors such as dust, fumes or odors, temperature extremes, strong drafts, or bright lights.
Minimum Qualifications
- Ability to multitask and prioritize.
- Pass the pre-employment credit and background check.
- Associate’s degree or certificate in information systems, cybersecurity, or equivalent experience; CISSP or other certifications are a plus.
- At least five years of experience in information security, IT networking or administration, or a comparable role.
Blackhawk Community Credit Union is an Equal Employment Opportunity (EEO) employer. It is the policy of BHCCU to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.