IT Info​/Security Manager

POSITION PURPOSE

Responsible for the total information security needs and the development and delivery of a comprehensive information and cybersecurity strategy to ensure the Credit Union's assets are adequately protected. The IT Information Security Manager will oversee modifications to the intrusion detection and prevention system, firewall, SIEM, anti-virus applications and other pertinent hardware in response to technological advances in order to maintain top-level security and protect the Credit Union's information from theft or disruption.

This position will also be responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements and aligns with and supports the risk posture of the Credit Union.

This position reports directly to the CIO with a dotted line reporting to the CEO.

This position is located at our Corporate Office in Auburn Hills Michigan and has a requirement of 3 days per week on site.

Supervise and direct activities of the information security staff.

Research and recommend the purchase of software and hardware used for managing security systems.

• Investigate, test and install new security software applications as warranted.
• Negotiate contracts and coordinate activities with Credit Union vendors with respect to hardware upgrades, system maintenance, system monitoring and replacement.
• Remain abreast of information/cyber security technology and trends for improvements in the Credit Union's security infrastructure.

Develop, document and implement credit union policies related to network security.

• Maintain procedures to analyze, triage, contain, and eradicate malicious activity.
• Monitor user adherence of Credit Union security policies
• Lead the development of processes and procedures to improve incident response times, accurate analysis of incidents.
• Maintain regular contact with all departments to obtain information about possible security risks.
• Proactively communicates all incidents and possible security violations to the CIO and IT Security Committee.

Maintaining a comprehensive risk management program using generally accepted security management standards.

• Oversee programs for risk assessment, threat modeling, vulnerability management, and incident prevention.
• Perform routine risk assessments and execute tests of data processing systems to ensure functioning of data processing security measures.
• Be the IT lead on external audits/exams working with 3rd party partners and the NCUA and State of Michigan ensuring these partners get the documentation they need to complete their audits.
• Maintain effective professional relations with vendors and service providers.
• Ensure strict compliance with relevant standards and regulations. These include NCUA (National Credit Union Administration) regulations, GLBA (Gramm Gramm-Leach-Bliley Act), and other state/federal mandates
• Maintain a detailed incident response plan and conduct yearly table top testing.
• Serve as the IT lead for the Incident Response Team (IRT). Manage the lifecycle of a breach or security event, from detection to post-mortem analysis.
• Lead enterprise IT risk assessments.
• Ensure compliance with frameworks and requirements such as NIST.
• Evaluate the security posture of third-party vendors (Fin Tech partners, core processors) to ensure they meet the credit union's security standards.

Perform installation, configuration, maintenance, and troubleshooting of all aspects of security on the network

• Plans and implements any security upgrades or workstation and servers on the network. Schedule critical systems downtime during non-business hours and weekends for least impacting to users and members.
• Setup, configure and support internal and external network security devices.
• Investigate, test and install new security software applications as warranted.
• Lead in the development and implementation of security best practices and users appropriate use.
• Lead detailed risk analysis and risk assessment to identify, mitigate, and control risks to infrastructure, information systems, and data; advocate security and risk management to key stakeholders in order to balance security and business needs.
• Setup, configure, and support the patch management software and maintain documentation.
• Setup, configure, and support the vulnerability management software and maintain documentation.
• Setup, configure, and support the SIEM log management and maintain documentation.
  
  Works closely with the CIO to develop, document and implement policies related to support, security, and maintenance of all facets of the security infrastructure.
• Assist with ongoing security awareness programs educating users with proper security practices.
• Perform other duties, as assigned by management

• Bachelor's Degree in Information Security, related degree, or equivalent relevant work experience.
• Certifications preferred - CISSP or other security-focused certification.
• Ability to…