Information Security Supervisor

Description

IT SECURITY SUPERVISOR

IT Security Supervisor is responsible to assist and advise in the development, deployment, and maintenance of the corporate information security strategy. They work to protect the information assets of the credit union and support the information technology governance policies and processes, compliance, information security, change control and business continuity plans. They assess software, computer systems, and networks for vulnerabilities, then research and recommend the best practices for an organizations needs. The IT Security Supervisor will use their knowledge of industry best practices, policies and good judgment in testing, monitoring and operating secure practices, in support of regulatory and compliance information security requirements. In the event of an IT security incident or breach, they are responsible for acting as a leading member of the IT Security Incident Response Team.

15% Review alert logic and virus reports on a daily basis. Perform daily monitoring for the occurrence of security incidents, as well as follow up to confirm remediation of issues. Where applicable, perform operating system, network and application vulnerability assessments to identify and prioritize security exposures in the environment. Participate in audits, address requests from internal and external auditors on company security controls and provide gap analysis against security practices. Perform system audits against hardening standards and base-line controls. Evaluate the results of the assessment, advise management, and propose remediation solutions.

15% Complete Investigations of security breaches or potential breaches and assist where required; ensuring appropriate monitoring reports system logs alerts for activities are in place; as well as follow up to confirm remediation of issues.

10% Coordinate the Change Management processes, lead Change Management Committee meetings, enhance change management procedures and follow change tickets from test to implementation, ensuring proper documentation and approvals are complete. Advise management on industry developments in business practice, technology, security issues and legislation that impact the companys security policy.

10% Under direction of the manager, enhance and/or assist in the development of Business Continuity Plans for all corporate and retail business processes. Understand and be able to discuss the practical and strategic role of business continuity planning and their integration into day to day processes.

10% Partner with business lines and users to enforce corporate information security policy and procedures, provide assistance in identifying risk(s) and associated controls required for ongoing processes, as well as proposed projects. Recommend regular security testing of employees (phishing, etc.) and security warnings/education to members.

10% Perform risk assessments on information security controls and conduct application specific security assessments. Risk assessments are conducted through a combination of questionnaires, automated tools, and penetration testing results. Evaluate the results of the assessment, advise department management, and propose remediation solutions.

10% Responsible for VPN access and control review on a monthly basis.

5% Administer security software solutions as needed.

5% Develop, document and implement information security procedures as required. Evaluate newly proposed security policies, partner with other business areas to identify required technology changes to comply and provide recommendations to management.

5% Prepare and provide regular written department reporting to the department management, noting trends, projects/status, initiatives, pending deadlines, etc.

5% Train Security Analyst/Coordinator to support department and develop skills

Qualifications

Experience

Five years of similar or related experience, including time spent in preparatory positions.

Prior financial institution or credit union experience required.

Education/Certifications/Licenses

CISSP (or in the process of obtaining)

College Degree or equivalent experience

Continuing education

Interpersonal Skills

A significant level of trust and diplomacy is required to be an effective subject matter expert in the position. In-depth dialogues, conversations and explanations with customers, direct and indirect reports and outside vendors of a sensitive and/or highly confidential nature is a normal part of the day-to-day experience. Communications can involve motivating, influencing, educating and/or advising others on matters of significance.