Security Analyst jobs in Anaheim, CA

We’d like to welcome an Information Security Analyst II responsible for maintaining and continuously improving the Credit Union’s Information Security Program by performing risk analysis, internal risk assessments, assuring systems are hardened, and creating and maintaining Information Security documentation. 

JOB REQUIREMENTS & RESPONSIBILITES

• Develops, maintains and enhances Information Security Program (ISP) documentation, including technical and non-technical policies, standards, procedures, guidelines and plans. Non-technical documentation includes policies, standards and procedures addressing physical security (including facilities as well as information assets that include loan documentation, deposit records, signature cards, key and access code lists, vendor contracts, personnel security training and expertise, and insurance coverage. Additionally, information regarding control effectiveness should be gathered and documented, including information gained by security monitoring, internal risk assessments, metrics and independent tests.
• Helps manage the following Information Security Systems: Trellix (McAfee), Cisco Secure Endpoint, Solarwinds SEM and Patch Manager, StealthBITS, Lucy Security, Ncontracts, Citrix Sharefile, Proofpoint, FIS Business Risk Intelligence, Assurance Notification Manager, Meraki Wireless Networking, CISA Cyber Hygiene, ACET Desktop Application, GlobalCERTS Secure Mail Gateway.
• Develops, maintains and manages an internal ISP risk assessment program that includes risk assessments performed on projects initiated by the business unit as a part of the project planning process, as well as risk assessments performed prior to the purchase of new systems and before engaging with a third-party service provider.
• Monitors network IPS/IDS and SIEM systems and responds to alerts generated by those systems.
• Responsible for developing, maintaining and managing a formal log management standard and procedures to assure log files are reviewed on a regular basis and exceptions are noted and acted upon in a timely manner.
• Responsible for managing the ISP vulnerability scanning and software patching process. This includes system hardening and configuration management.
• Responsible for assisting third-party ISP audit firms and state and federal regulators during annual audits and exams, and preparing detailed management responses for each audit finding and suggestion.
• Responsible for continued development of the Credit Union’s Employee Security Awareness program and regular education/training of staff. This includes written documentation, staff presentations and presentations to newly hired employees during the employee orientation process.
• Makes recommendations to the SVP, Information Systems for improvements to the ISP.
• Addresses help desk requests related to network and ISP problems.
• Responsible for planning and leading the monthly ISP Committee Meetings, with guidance from the SVP, Information Systems. This includes developing and maintaining a standardized meeting agenda that includes regular reporting and metrics on all areas of the ISP, including vulnerability scanning, software patching, anti-virus/anti-malware, log file review, breaches and violations, spam and phishing, Active Directory permissions and access controls, and Websense Internet security and DLP.
• Fully understands the Credit Union’s security responsibilities under the Gramm-Leach-Bliley Act and NCUA Rules and Regulations Part 748a.
• Prepares written reports, as required, to the Board of Directors on the overall status of the ISP. The reports shall include results of the ISP risk assessment process, risk management and control decisions, service provider arrangements, results of security monitoring and testing, recommendations for determining acceptable residual risk, any known security breaches or violations and management responses, and recommendations for changes to the ISP.
• Remains informed and knowledgeable of all changes within the information technology industry, including information security best practices, as well as regulatory changes.
• Manages Ncontinuity, the Credit Union’s Business Continuity Plan software.
• Participates in annual IS Disaster Recovery testing, as well as BCP testing.
• Thorough understanding and ability to apply security standards as defined by the NIST Cybersecurity Framework.
• Completion of all LBS Financial Compliance training as specified for your position.  (See Compliance Matrix located on LBS Portal/Inside LBS/Compliance.)
  • Within introduction period
  • Thereafter based on position needs and requirements
• Every LBS Financial employee has a fiduciary responsibility to both members and employees.   These duties include 1) Duty of Loyalty 2) Duty of Care (safeguarding of assets) and 3) Duty to Report (suspicious, questionable, or unethical activities).
• Other duties as assigned.

EDUCATION & EXPERIENCE PREREQUISITES

1. Four (4) year College degree in Computer Science, equivalent certifications and/or equivalent experience.
2. Experience working in Information Security, preferably in a financial institution. Familiar with the Gramm-Leach-Bliley Act. Information Security Certification or equivalent experience.
3. A thorough understanding of NIST and ISO 27000 security standards.
4.    Excellent written and verbal communication skills.
5. Flexible hours and work schedule, as communicated by the SVP Information Systems

PAY RANGE
In accordance with California’s Pay Transparency Act (SB 1162), the expected salary range for this position is between: 

$27.56 - $35.20

Actual pay will be determined based on a candidate’s specific qualifications, including their knowledge, skills, education and experience, internal equity consideration, as well as other job-related factors permitted by law.

Note: As part of our screening process, LBS Financial conducts background investigations on candidates who have been extended a contingent offer and who have agreed and authorized us to do so.  This investigation will include a credit report, adult criminal history search, Social Security search, employment verifications and various Government regulatory and compliance searches like Terrorist Watch Lists etc.  

LBS Financial employees must be eligible to be bonded through a fidelity bond to cover employee loss and risk.  

For additional information about our Credit Union and to apply for this opportunity, please visit our website at www.lbsfcu.org/careers. EOE