Looking for an awesome place to work? We’re always on the look-out for people who are passionate, driven, and dedicated to doing the right thing on behalf our loyal members and the many communities that we serve. WECU has long been known as an employer of choice in Whatcom County. We’ve earned that distinction by treating employees fairly, with respect, and with an appreciation that when we show up in service of one another, great things happen. And, just between us, the benefits are top-notch, too. WECU is relentlessly committed to making a meaningful difference in the lives of our members. Jump on board if that sounds too good to pass up.
WECU is seeking an Information Security Administrator , to join our Information Security team located in Bellingham, WA. This role has the responsibility for implementing and supporting information security policies and guidelines for all information systems. The ISA reviews regulatory security policies, as well as best practices, and develops the technical solutions required in order to implement those requirements on servers, routers, firewalls and other LAN/WAN equipment. The ISA works with System and Network Administrators to monitor the security posture of all networked systems and takes appropriate steps to assist dealing with any vulnerabilities. The ISA provides network and security administration expertise and guidance for all aspects of WECU’s IT infrastructure. The ISA works with the other members of the Information Security team to prepare for and successfully pass multiple internal and external audits. The ISA maintains technical expertise on all networked hardware and software and appropriate security tools for those products.
KEY RESPONSIBILITIES INCLUDE:
-Perform or review technical security assessments of computing environments to identify points of vulnerability or non-compliance with established IT standards and regulations, make technical recommendations to mitigate, submit solutions to address issues through change management processes, and implement mitigation strategies.
-Ensures Information Security controls are integrated from the ground up on all IT projects.
-Designs, develops, implements or integrates Information Security systems and components including those for networking and computing environments including those with differing data protection/classification requirements.
-Assists Systems and Network administrators in the identification and implementation of appropriate information security functionality to ensure uniform application.
-Assesses and mitigates system security threats/risks throughout the program life cycle.
-Contributes to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations.
-Assists ISO in crafting an information security program and agenda that maintains the confidentiality, integrity, and availability of information assets while still permitting the organization to achieve its business goals.
-Participates in defining data sensitivity labels and helps to classify all data within the organization.
-Working in conjunction with the Information Security Team and Risk Management to ensure that disaster recovery and emergency operating procedures are in place and tested on a regular basis.
-Serves as a security resource to assist all departments with the research and/or implementation of security-related technologies and processes; Acts as go-to resource for all departments and assists them with Information Security and IT Risk Management activities.
-Maintain the organization's data loss prevention and Security Information and Event Management solutions.
-Assist in organizational incident responses processes.
-Maintains contact with vendors regarding security system updates and technical support of security products.
-Prepares recommendations and implements changes to work methods and procedures to make them more effective and/or to strengthen security measures.
-Advises Information Security Team on new innovations in the security industry and ensures that the organization is current with industry best practices.
-Maintains vulnerability management systems to aid in risk assessments.
-Serves as the technical subject matter expert and leads technical collaboration.
-Identifies control weaknesses, regulatory compliance issues, and potential areas of risk for all segments of the data processing and information technology business.
REQUIRED SKILLS, EXPERIENCE, AND EDUCATION:
Education and Experience
-Associate’s degree and 5 years’ experience in a security-related position or 7 years’ experience in a security-related position
-CISSP, CISA, or equivalent certification is preferred.
-Financial service experience strongly preferred.
-Experience supporting security planning, assessment, risk analysis, and risk management.
-Familiarity or previous experience with IDS/IPS, SIEM, DLP, firewalls, vulnerability management systems, and endpoint security products.
-Familiarity with financial services regulations and Information Security Best Practices.
-Strong technical writing skills.
-Understanding of and practical experience with internal certificate authorities, Microsoft Windows preventive and detective controls, Microsoft Active Directory design/architecture and security, data loss/leak prevention and multifactor authentication.
-Understanding of network design, encryption/PKI, mobile security, network security technologies and vulnerability management.