The Senior Information Security Operations Analyst will specialize as a subject matter expert and will be accountable at an intermediate to advanced level for the calibration, monitoring, and incident response processes for information security cyber controls and threat intelligence. This is a hands-on role. Controls include but are not limited to information sharing, vulnerability management, threat hunting, data loss prevention, scanning, remediation efforts, asset lifecycle, access methods, industry tools and practices. This role will be part of the Security Operations Group lead by the Director of Security Controls under the direction of the CTO with advisory services from vCISO.
The role will: lead compliance and regulatory requirement operations, develop solutions and processes that further the goals of the organization while ensuring the protection of our information. This role will work closely with Legal, Compliance, Enterprise Risk Mgt, HR, Physical Security, and IT teams to develop of a comprehensive practice/controls program and will contribute artifacts to the Information Security Steering Committee.
Accountabilities and Responsibilities
Leads third party and cloud-based security tools configurations and monitoring Assists in creating and monitoring information security policy, standards, controls and procedures Promotes security education and awareness Leads information security incident management efforts 24/7 Provides response and action plans in the event of a data security threat or issue. Supports Internal Audit with implementing security controls Provides recommendations for security controls and manage remediation of any deficiencies Contributes, maintains and reports on Key Performance and Risk Indicators (KRI/KPI) Other duties as assigned
- Provides security operation controls and response expertise to inform the cyber risk management governance program including: policy, standards, control procedures for managing IT assets, and topics for information security
- Proactively identifies and develops solutions to data security issues by working with multiple teams
- Effectively communicates security controls and business requirements to stakeholders
- Fosters strong relationships with IT leadership and process owners
- Works closely with outsourced SOC or other third parties in the identification, escalation, and resolution of all security related incidents
- In partnership with supporting third parties: calibrates, monitors, measures, reports and remediates exceptions for:
- preventative controls (access, DLP, account monitoring, mobile device management, exception),
- detective controls (threat and vulnerability, anomalous activity, events)
- corrective controls (patch management and remediation)
Credentials, Experience and Skills
- Bachelor s Degree or equivalent combination of education and experience.
- 5-10 or more years of overall information security experience
- Certified CISSP, CISM, Security+ or relevant experience
- Experience working with security frameworks (GLBA, COBIT, NIST, ISO etc.)
- Hands on experience working in Security Operations Center with monitoring and prevention, detection, and correction tools
- Experience leading information security incident management efforts including interfacing with outside legal counsel
- Experience working on DR/BCP teams
- Experience leading the deployment of enterprise security tools for 500 to 1000 employees
- Strong organizational skills and attention to detail
- Excellent interpersonal, writing and communication skills
- Ability to constantly prioritize and change or adapt to ambiguous situations
- Experience identifying and implementing creative process improvement solutions
- Knowledge of cloud security and cloud security controls
- Able to work with highly confidential information.
- Ability to solve complex business problems in a fast-paced business environment.
- Occasional travel
- Your ability to be bonded is required
Established in 1934, today SEFCU (State Employees Federal Credit Union) is among the 50 largest credit unions in the U.S. with more than $3.5 billion in assets, 330,000 members, and 50 branches in the Capital Region, Binghamton, Syracuse, and Buffalo. SEFCU is committed to Changing Lives Every Day through the donation of time, talent, and treasure.