Senior Security Analyst

Purpose & Core Values

The primary purpose of any position is to assist Community Choice Credit Union to live out our purpose: we believe in helping our neighbors achieve the life they desire. A key component of this purpose is to provide outstanding service to both internal and external members by living our core values.

Position Summary:

This position is responsible for administering critical security systems and review of risk and compliance of all credit union applications, systems, and networks. Working closely with other members of the IT team, key areas of focus will include administration of functions supporting the compliance and effectiveness of the Comprehensive Information Security Plan. This position is an individual contributor within the organization and partners with the Technology teams.

Core Competencies

• Core Values:
  1. Committed: We are committed to serving Michigan guided by the principles that underlie the credit union movement of service, integrity, and respect for every human being.
  2. Charitable: We Give Big every day to our membership, our communities, and each other. We are dedicated to supporting Michigan by giving our time and services to the communities we serve.
  3. Credible: We are our Members’ trusted financial advisors; each Team Member plays an integral role in the well-being of our Members’ financial lives and the success of Community Choice Credit Union.
  4. United: We are a Team. We unite to achieve success, celebrate success, and continually improve the service we provide to our members, our communities, and each other.

• Adaptability/Initiative: Adjusts quickly and effectively to changing conditions and demands, views change as a necessary and inevitable aspect of organizational life as well as an opportunity to learn new things. Is able to take on a variety of different tasks and roles in the organization. Can move in a relatively seamless manner from one task or focus to another and can fill in for other team members when they are absent or are experiencing work overload. Looks for new and productive ways to make an impact/value to the organization and/or team. Demonstrates a positive attitude when faced with organizational change and generates constructive feedback for continuous improvement. Demonstrates a professional demeanor.

Position Competencies

1. Accountability: Establishes clear expectations for self and others (if applicable) to achieve goals and objectives, establishes clear roles and responsibilities, gives regular feedback, and clearly communicates deadlines and desired results. In addition, holds self accountable for actions and continuously gains feedback for self-improvement
2. Analytical Thinking: Breaks down problems and issues into sub-components and then assesses the costs, benefits and risks of various options prior to selecting a particular approach. This includes the ability to explain various alternatives and explain or justify their decisions in a logical and systematic fashion.
3. Role Mastery of Essential Duties: Able to perform essential duties as outlined in job description. Contributes productivity and value within role. Is willing to learn and improve performance.

Essential Duties

• Administer critical security systems including but not limited to data loss prevention, network access controls, and intrusion prevention/detection.
• Acquire and maintain knowledge of rules and regulations to ensure compliance for all IT policies and applicable regulations.
• Provide input for network configurations, upgrades, performance, and disaster recovery to quickly resolve any situation in which data integrity issues, security vulnerabilities, or system interruptions may occur.
• Perform intrusion detection and response on all nodes on the network to ensure data integrity and protect the intellectual assets of the credit union through mitigation strategies and remediation activities.
• Work closely with the IT team to ensure systems updates and security patches are deployed consistent and effectively on all applicable systems.
• Maintain and verify software and vendor licenses for legal use and compliance in order to avoid interruptions to team member usage of software/hardware.
• Assist with the administration of the Comprehensive Information Security Program to ensure data integrity and protect the intellectual assets of the credit union.
• Prepare departmental procedures and documentation to track all changes made to network nodes while supporting controls and security initiatives.
• Plans, coordinates, and implements security measures for information systems to regulate access to computer data files and prevent unauthorized modification, intrusion, destruction, or disclosure of information.
• Trains users and promotes security awareness to ensure system security and to improve server and network efficiency
• Monitors current reports of computer viruses and intrusion detection to determine when to update virus protection or intrusion protection systems
• Documents computer security and emergency measures policies, procedures, and tests
• Confers with users to discuss issues such as computer data access needs, security violations, and programming changes
• Stay updated and educated on relevant and emerging threats such as malware or phishing campaigns, attack vectors, indicators of compromise, vulnerabilities, and current events
• Maintain a high quality of service for the Member Center Information technology systems with proactive system management.
• Assess, report, and communicate on threats, vulnerabilities and risks, recommending appropriate remedial actions for the impacted technologies, business units or departments
• Collaborate, brainstorm and develop solutions to better enhance the Cybersecurity program.
• Properly document issues and provide timely updates to the IT team on open issues/vulnerabilities and opportunities to create efficiencies.
• Coordinates the Information Security portion of external audits.
• Responsible for the maintenance of security risk assessments.
• Ensures adherence to the National Institute of Standards and Technology framework, and internal Security Program that ensures the integrity and confidentiality of 1st Advantage. These standards will relate to, but not limited to, anti-virus, physical security, and business continuity.
• Ensures the smooth running of the vulnerability scanning solution and engages with system owners on system patching.
• Continue to stay current on IT security trends and news and communicate with team members and managers
• Research, evaluate, document, and discuss findings with the IT teams and management
• Review various findings to provide recommendations to deliver security fixes and improvements
• Ensure enforcement of acceptable use policies and security guidelines

Job Qualifications

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirement listed below are representative of the knowledge, skill, and/or ability necessary for this position.

Remote Work Eligibility

This position is fully eligible for a Hybrid Work Arrangement

Reasonable Accommodations

The physical and mental demands are representative of those that must be met by an employee to successfully perform the essential functions of their job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job requirements, physical demands and do so within our work environment.

Education

Bachelor’s Degree – Computer Science: Required

Experience

4 years of technical security experience.

4 years security detection techniques, event analysis and logic development.

5 years of IT operations experience.

Certification(s) Preferred

Information Security, Digital Forensics Incident Response (DFIR), and penetration testing training and related certifications are desired but are not a requirement. Example CISSP, GIAC, Microsoft Certified Systems Administrator: Security

Skills & Abilities

General knowledge of virus protection, penetration testing and communications security.

Virus protection, penetration testing, security awareness and other information security concepts.

Ability to communicate effectively with all levels of employees and outside contacts.

Leveraging knowledge of the Cyber Kill Chain Framework and working familiarity of the MITRE ATT&CK Framework

Having knowledge of malware analysis, Threat Hunting, Detection Engineering and reverse engineering

Mental Demands

The team member must be able to read and interpret documents or instruments, understand and/or follow complex written and oral instructions, make decisions, recall multiple policies or procedures, resolve problems or unique circumstances in a timely and efficient manner, be able to express oneself clearly and/or concisely, perform mathematical functions, and handle multiple, concurrent tasks.

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this Job, the employee is regularly required to talk or hear. The employee is frequently required to sit and use hands to finger, handle, or feel. The employee is occasionally required to stand; walk; reach with hands and arms and stoop, kneel, crouch, or crawl. The employee must occasionally lift and/or move up to 25 pounds.

Work Environment

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The noise level in the work environment is usually moderate.

General Statement

The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. They are not intended to be an exhaustive list of all responsibilities, duties, skills, or working conditions.