Job Description and Requirements
Information Security Assurance Administrators strengthen the organization's information security posture through the construction, socialization and performance measurement of policies and procedures based on best practices, adopted frameworks, and risk assessment activities.
Essential Functions and Responsibilities:
- Contribute to the strategic and tactical initiatives involving activities associated with managing IT Risk.
- Assist with auditing systems, processes and users to ensure compliance with the organization's information security policies and procedures.
- Assist in the creation and analysis of information security reports on the performance of controls across the enterprise.
- Assist with documenting an organization’s information security requirements in a business context and participate in high-level discussions to identify and respond to business risks.
- Assist with security reviews with stakeholders throughout the organization, identifying gaps and developing risk mitigation plans.
- Provides ongoing support of an effective disaster recovery/incident response program. Works with management to ensure that disaster recovery/incident response plans drive proper strategy and procedures.
- Assist with the development and execution of testing processes utilized to validate the disaster recovery/incident response plans. Schedule and lead all tabletop exercises. Develop and understand all testing necessary for a successful execution.
- Works with the IT staff to ensure that disaster/incident response solutions are adequate, in place, maintained, and tested as part of the regular operational life cycle.
- Assist with the development and deployment of training documentation and communication of incident procedures to the organization.
- Assist with vendor risk assessments.
- With guidance, produce deliverables, specifically process flows, procedure documentation, writing specialized assessment reports, related to process, tools, and metrics and communication activities.
- All other duties as assigned (note: essential functions and responsibilities may change or new ones may be assigned at any time with or without notice).
Requirements:
- High School Diploma or GED. Bachelor’s degree in information technology preferred
- Minimum of 3 years’ experience in IT Operations, Security, Risk, and/or Audit
- Technical Project Management and/or Business Analysis experience desired
- Understanding of technical concepts including system, application and network functions and design
- Understanding of financial institution governance and regulations including SSAE16/18, FFIEC, GLBA and NCUA
- Must have high level of communications skills to communicate with all levels of management
- Experience supporting technical projects with technical and non-technical participants
- Experience directly supporting an organization's information security program through development and implementation of policies, standards and procedures
Skills and/or Certifications/Licensing
- Strong oral/written communication, organization, time management and interpersonal skills
- Highly proficient with Microsoft Office software
- Highly self-motivated, able to multi-task and manage deadlines well
- Security certificates, CISA other IT governance related certifications preferred
- Knowledge of regulations and best practices for information security including guidance published by NIST, FFIEC, and CIS
All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.