Overview:
*****Local residents only unless willing to relocate.*****
The Security Analyst is responsible for maintaining and enhancing the security posture of the organization. This position provides a crucial role monitoring, analyzing, and responding to security incidents, as well as implementing security measures to protect the organization's information assets. Additionally, the position supports critical cybersecurity initiatives, working closely with IT Leadership to design, implement, and manage robust security solutions. The position reports indirectly to the SVP/Chief Information Officer to ensure appropriate segregation of security responsibilities.
Compensation:
Minimum $39.71/hour
Maximum $56.73/hour
Applicant with a desired mix of knowledge, skills, and abilities could anticipate $42.55 - $45.38
Responsibilities:
- Monitor security alerts and incidents, conduct investigations, and coordinate response efforts to mitigate threats
Utilize security tools and technologies to monitor the network for suspicious activity and potential threats
Respond to regular vulnerability assessments, penetration testing, identify potential security risks, and collaborate with IT Leadership to recommend remediation
Recommend, maintain, document and enforce security policies, procedures, incident response reports, root cause analysis, and standards to protect Harborstone's information assets
Maintain compliance with relevant regulations and standards, such as PCI-DSS, NCUA, DFI, FFIEC, and other regulatory guidelines
Coordinate with IT Leadership to promote a comprehensive and cohesive approach to security and security awareness training programs
Collaborate with IT Leadership on security architectures and systems to protect critical infrastructure and sensitive data
Ensure continuous maturity of appropriate security controls, policies, and procedures in compliance with industry standards (NIST, CIS 18, etc.)
In support of the Vendor Management Program, review SOC reports, disaster recovery, and similar documentation of current and potential business partners. Provide feedback and recommendations to IT Leadership
Stay up to date on the latest cybersecurity threats, trends, and technologies, ensuring the organization's defenses are continuously improved. Prepare reports for Cybersecurity Committee regarding current and potential threats
Assist IT Leadership in development of Annual Cybersecurity Report to the Board of Directors
Other job-related duties as assigned
Please note that a job description does not in any way identify ALL functions and/or responsibilities of the role. The position will support and/or provide service or value where needed.
Qualifications:
- Experienced and proficient utilizing Microsoft administrative and security portals
Ability to work non-standard hours as necessary to address incidents
Strong analytical and problem-solving skills, excellent communication abilities, ability to learn new systems, and proficiency with security tools and technologies
Highly adaptable and flexible; able to adjust quickly when production environments or automation tasks are adversely impacted
Strong customer service orientation with good written and oral communication skills
Proven analytical and problem-solving abilities
Ability to communicate complex issues in clear, concise format both verbally and in writing
Highly self-motivated and willing to learn and adapt to rapidly changing technology and share knowledge with other team members
Understanding of Windows Desktop/Server Operating Systems, Active Directory, Patch Management, Security Information and Event Management, and Endpoint Detect and Response
Understanding of relevant regulations and standards, such as PCI-DSS, NCUA, DFI, FFIEC, and other regulatory guidelines
Required Experience/Education:
Associates degree in Computer Science, Information Security, or a related field, required.
Bachelor's degree in Computer Science, Information Security, or a related field, preferred
Relevant certification such as Security+, CySA+, CC, or ISC2 Fundamentals, preferred
2 years or more experience in information security, with a focus on incident response, vulnerability management, and security monitoring software, required. 3-5 years, preferred.
Experience in the financial services industry, particularly within credit unions.
Physical Considerations:
Must be able to effectively read, write, and listen as well as communicate verbally, electronically and in written form with employees, members, board members, vendors, and the general public as required.
May be asked to handle, move, and/or carry large boxes of supplies weighing up to 50 pounds.
May require stooping, bending, squatting, and reaching for limited periods of time.
May require sitting and standing for long periods of time.
