Information Security Analyst

Position Summary

The Information Security Analyst is responsible for testing, documenting, evaluating, remediating, and improving
internal controls within the IT department for safety, effectiveness, and operational efficiency. The position requires
collaboration with internal and external audit and examining teams, IT management, consultants, and other
stakeholders to ensure compliance deliverables are met.

Work Location

This position is a hybrid role (remote option available) with a combination of working both onsite at the Headquarters 2
building in East Lansing and remotely. A schedule of expected onsite and remote work days will be discussed during the
interview process.

Compensation & Benefits

• Salary Range: $74,000-$90,000 dependent on experience
• 100% Company-Paid Health, Dental, Vision, Life, and Long-Term Disability Premiums
• Up to 26 days of PTO within your first year, as well as Volunteer Time Off & 11 Paid Holidays
• 401(k) with an immediate 2:1 Match
• Tuition Reimbursement
• 12 Weeks of Paid Parental Leave

Essential Duties and Responsibilities

Information Security Analyst:

• Implement, monitor, and manage advanced security technologies: SIEM, Firewalls, IPS, and other security
  related devices.
• Manage security configuration and operation standards for security systems and applications.
• Assists in the development and maintenance of the Credit Union's Information Security Program; this
  includes answering staff questions about security, responding to security incidents in a way that helps staff
  understand their role in security, and preparing materials for ongoing security knowledge transfer to staff.
• Collaborate on critical IT projects to ensure that security issues are addressed throughout the project life
  cycle.
• Perform incident management/response across the enterprise and provide consistent security monitoring,
  response, follow-up investigation, and determination of root cause. Evaluates security alerts generated by
  internal systems, vendors, and other industry sources.
• Work with credit union vendors and service providers to provide documentation for regulation compliance
  and adherence to applicable laws, credit union policies, and security standards.
• Assist in the collection of system information and procedures required by internal and external audits and
  examinations; assist in drafting responses to audits.
• Provide support for management and staff using security, reporting, and risk management applications and
  systems.
• Assist with developing and maintaining the Credit Union's disaster recovery plan; assist in the Credit Union's
  business continuity testing as part of the Information Technology team.
• Member of the CIRT (Computer Incident Response Team).
• Provides support for software patching systems and serves as part of the Security Alerts Team.

Knowledge, Skills and Abilities Required

Information Security Analyst:

• The position requires a high level of technical knowledge and experience in network architecture, design,
  configuration, and implementation. Candidate should have in-depth knowledge of network routing, firewalls,
  intrusion detection systems, internet filtering, anti-virus technology, application security, secure email
  gateways, and PCI and GLBA compliant environments.
• Minimum of four years of experience in network and/or security Administration is preferred.
• High school diploma or GED required.
• Candidate should have experience supporting network environments of 200 users which includes
  virtualization, wireless, and mobile technologies.
• A level of technical knowledge and experience normally acquired through completion of a four year program
  in computer science, CISSP (or other relevant certification) or equivalent education, training, and experience.
• Experience with multiple information technology systems: Windows Server 2003/2008, Windows 7/8/10,
  Mac OS, Active Directory, LINUX/AIX/UNIX, TCP/IP, LAN/WAN, VPN, and NAC.
• Excellent problem solving and troubleshooting skills.
• Experience in vulnerability testing and ability to plan and implement ongoing testing and monitoring
  programs and knowledge of IT operational infrastructure including business continuity.
• Knowledge of operation risk assessment methodology, mitigation development, monitoring and reporting.
• Proficient in MS Office products, including Word, Excel, and Visio.
• Excellent written and verbal communication skills and the ability to discuss complex technical issues with
  laypersons as well as highly technical individuals.

Physical Demands and Work Environment

• Required to sit, stand, walk; talk and hear; and ability to touch and interact with office equipment.
• Ability to lift up to 50 pounds.
• Normal office environment where there is minimal discomfort due to temperature, dust, noise and other
  factors.
• Exposure to potentially hazardous condition, i.e. robbery. Receives detailed instructions and procedures to
  be followed to minimize the exposure.