Reporting to the Director of Infrastructure Management, the Systems Security Engineer s role is to ensure the stability, integrity, and efficient operation of SEFCU s information systems that support core organizational functions. This is achieved in conjunction with IT, Security Operations, to be the firm s resources for recommending, developing, implementing, and managing both operational and technical security solutions to address modern information security challenges. From performing threat assessments and systems patching to documenting incident response plans in helping to create overall security programs, that will deliver solutions that help meet our members needs for risk identification and mitigation, compliance, and overall business obligations.
The Systems Security Engineer will apply proven communication, analytical, and problem-solving skills to help identify, communicate, and resolve issues to maximize the benefit of SEFCU s IT systems investments. This individual will also mentor and provide guidance to the Systems Security Engineer staff.
Accountabilities and Responsibilities
Strategy & Planning
- Collaborate with all lines of SEFCU s Information Technology staff to ensure smooth and reliable operation of software and systems for fulfilling business objectives and processes.
- Work with executive team members, decision makers, and stakeholders to define business requirements and systems goals, and to identify and resolve business systems issues.
Acquisition & Deployment
- Deploy new security applications and enhancements to existing security applications, software, servers, storage and operating systems.
- Perform cost-benefit and return on investment analyses for proposed systems to aid management in making implementation decisions.
- Conduct research on software and systems products to justify recommendations and to support purchasing efforts.
- Interact and negotiate with vendors, outsourcers, and contractors to secure system-related products and services.
- In support of IT, Security Operations, handle day-to-day and project-based implementation, monitoring, and operational support of managing all internal/external security tools
- In support of IT, Security Operations, implement solutions that support compliance and risk mitigation goals
- Assist with internal and client-focused incident response efforts, including real-time response, tabletop exercises, and plan development
- Leverage security engineering fundamentals and processes based on best industry practices as well as standards such as NIST, ISO 27001/27002, and FFIEC/NCUA guidance and controls
- Participate in security team meetings
- Participate in project and change management meetings
- In support of IT, Security Operations, help clients identify operational and technical gaps in information security programs and recommend solutions
- In support of IT, Security Operations, design and perform server and security audits, system backup procedures, and other recovery processes in accordance with the company s disaster recovery and business continuity strategies.
- Recommend modifications or improvements for technologies, documentation and process for improving security
- Other duties as needed
Credentials, Experience and Skills
- Bachelor s Degree and 5 years of System Security Engineering experience, or Associate Degree and 6 years related experience, or 8 years related experience.
- Ability to solve complex business problems in a fast-paced business environment.
- Certified Information Systems Security Professional (CISSP) certification in good standing; CISM, CISA, or SANS security-focused certifications are a plus
- Experience with Service Organization Controls (SOC), or Center for Internet Security (CIS) standards
- Knowledge of international, federal, and state information security and privacy regulations and industry requirements such as GDPR, HIPAA, PCI DSS, and state breach notification laws
- Experience with GRC or related information risk management tools is a plus
- Your ability to be bonded is required
- Occasional travel
Knowledge & Experience
- Proven experience in providing business-focused security solutions.
- Proven experience with systems planning, security principles, and general software management best practices.
- Excellent understanding of the organization s goals and objectives.
- Knowledge of applicable data privacy practices and laws.
- Good project management skills.
- Excellent written, oral, and interpersonal communication skills.
- Ability to conduct research into systems issues and products as required.
- Ability to communicate ideas in both technical and user-friendly language.
- Highly self-motivated and directed, with keen attention to detail.
- Proven analytical and creative problem-solving abilities.
- Able to prioritize and execute tasks in a high-pressure environment.
- Strong customer service orientation.
- Ability to work in a team-oriented, collaborative environment.
Established in 1934, today SEFCU (State Employees Federal Credit Union) is among the 50 largest credit unions in the U.S. with more than $3.5 billion in assets, 330,000 members, and 50 branches in the Capital Region, Binghamton, Syracuse, and Buffalo. SEFCU is committed to Changing Lives Every Day through the donation of time, talent, and treasure.