Cybersecurity, Information Security, Risk Management
4 Year Degree/Bachelor Degree
Framework General Profile and Scope:
Requires knowledge and experience in own discipline/department; still acquiring higher-level knowledge and skills
Builds knowledge of the company, processes and customers
Manages own workload and occasionally provides informal guidance to colleagues with less experience
Solves a range of straightforward problems
Analyzes possible solutions using standard procedures
Receives a moderate level of guidance and direction
1. Investigations and Digital Forensics: Under the direction of Information Security management, performs digital forensics acquisition and examination of evidence to support corporate investigation needs. Applies corporate methodology, leading practices and experience to maintain evidence integrity and ensure accurate fact-based examination results are reported. Formally attests (e.g. deposition, affidavit and testimony) to law enforcement and/or court of law regarding procedures performed and accuracy of examination results. Responds in a timely manner to digital forensics requests and maintains forensic lab technology, software and evidence. Identifies and recommends improved methods and procedures for digital forensics acquisition, examination and reporting. Partners and collaborates with Office of General Counsel, Human Resources, Fraud Examiners, external law enforcement and others as required.
2. Security Incident Response: Leads the execution of all phases of the corporate security incident response methodology by providing a structured and timely response to incidents according to the corporate security incident response plan. Provides timely notification of critical events to the security incident response team and directs subordinate staff to perform response activities. Leads preparation activities with IT and business staff and identifies improved methods for security incident response.
3. Security Governance Development: Participates in the development, review and ongoing maintenance of security policies, standards, processes, procedures and requirements to facilitate the establishment of common administrative controls for the delivery of security capabilities. Provides Information Security guidance through all phases of a project when identified as a necessary resource.
4. Security Awareness: Develops content for organization-wide and targeted security awareness training. Presents relevant information security topics through a variety of forums depending on the audience.
5. Disaster Recovery: Assists with the maintenance and testing of disaster recovery exercises and plans.
6. The above statement of duties is not intended to be all-inclusive and other duties will be assigned from time to time.
1. Bachelor's degree in Computer Science, Information Systems or related field (or equivalent work experience).
2. Six+ years of demonstrated proficiency with an information security audit, assessment, engineering or architecture focus or comparable, professional experience.
3. Proven ability to clearly and effectively communicate business and technical information, both verbally and in writing. Aptitude for speaking or communicating to varied groups of business and technical professionals.
4. Established skills and experience in the development of security policies, standards or other governance practices.
5. Demonstrated relationship management and consulting skills, including ability to effectively influence and negotiate.
6. Proven ability to provide high quality customer service.
7. In-depth knowledge of security issues in all areas of the Common Body of Knowledge.
8. Demonstrated working knowledge of information security concepts in at least (12) of the following: digital forensics; incident response; patch management; configuration management; vulnerability management; audit & compliance; security assessments; penetration testing; control governance frameworks; security & privacy related regulations; security governance (policies, standards); risk management; software development lifecycle; systems development lifecycle; business continuity; disaster recovery; cryptography; application security; network security; system security; database security; access management.
9. Financial Services industry experience strongly preferred.
10. Hold one or more professional certifications from the following programs: GIAC; ISC2; ISACA (CISSP, GSEC, GCFA, GSNA or CISA preferred).
Physical Job Analysis:
While performing the duties of this job, the employee is regularly required to sit, stand, write and operate a computer keyboard, standard office equipment and telephone. The employee is frequently required to move about and reach for items. The employee may occasionally lift and/or move up to 10 pounds. The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.
Who We Are
We are a financially strong insurance and investment company. For generations, we have partnered with credit union leaders to protect and grow their businesses; and help people plan, protect and invest for their future.
What We Do
We offer commercial and personal insurance products; lending and payment security solutions; and retirement, investment, data and analytics, and marketing services.
How We Help
We work with 95 percent of credit unions in the United States – protecting their business and their members. Millions of people trust us to help them deal with the financial realities of the day and provide for their loved ones. We’re honored to be part of the credit union movement and help people move confidently into the future.
This job was originally posted at ISACA Career Centre.