Job Description
Responsible for designing, developing, operating, and managing an enterprise-wide security risk program, policies and standards, application security assessments, identity and access management, threat intelligence, vulnerability life-cycle management and remediation, evaluation of new security technologies, and contributes to security incident and event management. This position requires a technical leadership role in the information security program. This role will work closely with IT, Software Development, Enterprise Risk, and other business leaders to drive a security-minded culture and promote security best practices for the implementation of technology.
Top Skills' Details
1. Security Architect with a service attitude and wants to mentor
2. IAM- Knows how to build a program and platform
3. Threat intel Program someone that knows how to structure the threat intel to digest and use it.
Secondary Skills - Nice to Haves
ESSENTIAL POSITION FUNCTIONS:
Design, develop, and drive the implementation of key information security programs such as Identity and Access Management, PCI Compliance, Threat Intelligence, Data Protection, and Incident Response
Provide expertise for the organization and other team members on information security technical and non-technical solutions
Participates in organization projects and acts as the subject matter expert (SME) for information security focused on secure design and protection of Wescom data
Conduct and facilitate security reviews, threat modeling, and design reviews throughout the development lifecycle
Develops key performance indicators and key risk indicators for monitoring the effectiveness of security controls in the credit union
Defines minimum security baseline configurations for hardware and software following industry standards
Develops monitor to measure compliance with the standard
Develop, implement, and maintain security and risk policies, standards, and procedures aligned with industry and PCI security compliance
Conduct third-party security assessments in support of Wescom’s Vendor Management Program
Identifies gaps in the environment through reviews, testing, and tabletop exercises
Act as a member of the incident response team by monitoring and responding to threats to the environment
EDUCATION, EXPERIENCE, SKILLS, AND ABILITIES:
Bachelor’s Degree, HS Degree, or GED
The relevant proven experience will be considered in place of a bachelor’s degree
CISSP and/or security certifications are strongly preferred
5-7 Years of experience in a technology-related field, with a strong focus in performing Information Security or Risk Management related activities
Experience in the Financial Sector is desired, but not required
Experience designing, managing, and monitoring in one or more of the following areas: Identity and Access Management, Threat Intelligence, Data Loss Prevention, PCI Compliance
Comprehensive understanding of regulations and frameworks including GLBA, FFIEC, NIST, PCI, and CIS
Strong interpersonal and negotiating skills. Ability to interface with all parts of the organization including executives, managers, and team members
Strong troubleshooting and analytical skills
Excellent written and verbal communication skills
Professional image with a service-oriented approach
Ability to influence change within the organization to support the implementation of new programs and initiatives
Ability to conduct threat modeling, risk assessments, testing of controls, and designing of risk mitigation strategies
Knowledge of secure baseline configurations and how to implement and monitor
Knowledge of secure application design
Ability to perform penetration testing and vulnerability assessments
Knowledge of network protocols, traffic log analysis, and network security architecture
Knowledge and experience in managing web application firewalls, next-generation firewalls, IDS/IPS, content filtering solutions, and Network Access Control
Ability to audit firewall rules and make recommendations by best practices
Knowledge of applying secure configurations to hardware and software
Skilled in configuring, deploying, and monitoring corporate security tools
Familiarity with Incident Response processes and procedures.
Ability to handle multiple tasks with attention to detail, and perform duties with minimal supervision
Ability to use discretion when handling confidential information.
Self-motivated and frequently demonstrates initiative by going “above and beyond” performing what is required for the position
Additional Skills & Qualifications
We offer our employees many benefits, both personal and professional:
• Benefits for Full-time and Part-Time employees
• Comprehensive medical, dental, and vision plan coverage
• 401(k) Plan with employer matching
• Paid time off including Vacation, Floating Holidays (full-time only), and Sick
• Discounted rates on loan products for employees
• Entertainment and Gym Membership discounts
• Generous Educational Reimbursement
• Wescom University dedicated to providing learning & development opportunities to employees
• Work/Life Balance