Functioning in an expert capacity, incumbents in this role provide professional and technical support in the Information Security space. This position participates in the triage and resolution of Information Security events and alerts, responds to threats, and develops procedures to maintain the confidentiality, integrity, availability and accountability for all aspects of safeguarding or protecting information or data, in whatever form, for CUNA Mutual Group and its subsidiaries.
The primary objective of this role is to perform the analysis required to support the Incident Response function. The secondary function of this role is to participate in operational support when an event is escalated. The tertiary function of this role is to perform the tactical work necessary to support our managed security service providers and technical capabilities.
Act as a leader on multiple broad/complex initiatives of any size, including mentoring staff as needed.
Incumbents in this role perform the following responsibilities in an Independent/Advanced capacity to support the most complex Information Security work across CMFG. This role supports initiatives with a high degree of ambiguity and breadth.
- Incident Response:
- Under the guidance of Information Security management, act as a member of the incident response team. Help design security procedures to detect and respond to threats.
- Product Management:
- Monitor system/software performance and utilization and carry out improvements to achieve the agreed upon service levels.
- Define and document routine procedures, configuration parameters, batch processes and scheduled maintenance for systems and software.
- Perform testing, quality assurance and schedule changes for non-routine updates and upgrades to systems and software.
- Develop recovery plans to restore services.
- Guide and monitor staff in the completion of delegated tasks in the accomplishment of the above.
- Oversight of managed service providers:
- Maintain relationships with managed service providers. Serve as a point of contact and liaison. Help drive continuous improvement with our providers.
- Operational Support:
- In accordance with service level agreements, act as a single point of contact to monitor, screen and respond to alerts and reports of incidents or problems.
- Enter and maintain records, follow up on and provide status reports of all events.
- Provide timely notification of critical events to Information Security management and staff.
- Direct subordinate staff to coordinate response if event is escalated.
- Technical Consulting:
- Present information in areas of subject matter expertise as required, including but not limited to incident response, vulnerability management, and threat intelligence.
- Develop and manage technical security procedures in accordance with industry best practices.
- Research & Development:
- Make inquiries and investigate when needed for requests that require additional information.
- Research new and existing technologies that can be introduced or used to replace existing technologies.
- Project Participation:
- Provide Information Security guidance through all phases of a project when identified as a necessary resource to design/build/run, improve or maintain software, systems and processes.
- The above statement of duties is not intended to be all inclusive and other duties will be assigned from time to time.
- BS in MIS or CS or equivalent trade-off in related education and related professional work experience
- 8+ years' experience in investigating incidents while being part of an incident response team
- Experience working on Information Security Incidents, investigation, containment and remediation
- Extensive understanding of network, infrastructure, and computer related incidents and the technical response activities entailed
- Comprehensive knowledge of the CISSP Common Body of Knowledge
- Professional certifications in one of the following programs:
- SANS Global Information Assurance Certification
- Demonstrated working knowledge of information security concepts in at least (12) of the following:
digital forensics; cryptography; incident response; managed security services; web, URL, mobile code filtering; network security; patch, configuration management; penetration testing; spyware, anti-virus, anti-worm detection; vulnerability management; web, e-commerce security; wireless, mobile security; security information management; OS, platform security; application development security; database security; end-point security; business continuity, disaster recovery; e-mail security; storage security; access control software; strong authentication; PKI, digital signatures, certificate authorities; identity management, entitlement, authorization; password management, provisioning, single sign-on; audit & compliance; security policy; risk management; software development lifecycle, systems development lifecycle
- Experience designing and administering log management solutions, Intrusion Detection Systems (IDS), Anti-virus products, Data Loss Prevention (DLP), File Integrity Monitoring (FIM), Active Directory, scripting, PowerShell, Operating Systems, or Networking equipment.
- Demonstrated leadership skills and ability to influence a variety of audiences
- Ability to navigate ambiguity
- Demonstrated good judgment and reliability
- Demonstrated expertise in architecture design with the ability to teach others
- Proven ability to clearly and effectively communicate business and technical information, both verbally and in writing.
- Proven ability to provide a high level of customer service
Job Id: R-004164