Information Security Analyst (Onsite)

The Information Security Analyst is responsible for enhancing Frontwave’s security posture by implementing and auditing CIS Critical Controls. This role involves developing a security program that complies with NCUA Part 748 Appendix A, remediating findings from penetration tests and audits, and presenting monthly security reports. The analyst will manage vulnerabilities, audit device configurations, monitor security incidents, and collaborate with IT System Administrators to ensure security best practices. Additionally, the analyst will conduct regular security assessments, educate staff on cyber topics, and review 3rd party SOC reports to ensure vendor security programs meet Frontwave requirements.

 

About Frontwave Credit Union:

Frontwave Credit Union is a member-owned not-for-profit financial institution serving San Diego, Riverside, and San Bernardino counties. Founded in 1952, we have grown to 13 branches with 120,000 members and manage over a billion in assets. At Frontwave Credit Union, we are focused on creating consumer solutions to provide our members and the communities we serve with products and services that enhance the quality of life for our members through exceptional service and the progressive application of technology.

 

What’s In It For You:

Competitive pay, 401k matching, mortgage and auto discounts.

9-27 days of PTO per year (based on tenure) and 10 paid holidays.

Affordable medical, dental, vision health plans, and Flexible Spending Account.

Employee Assistance Program with a variety of services.

Career development, training, and coaching, mentoring; tuition reimbursement up to $4,000/year.

Culture of excellence and continuous improvement.

We strive to be the best place you’ve ever worked!

Essential Duties and Responsibilities:

Includes the following non-inclusive list. Other duties may be assigned.  All duties are to be performed in compliance with applicable laws, regulations as well as Credit Union policies and procedures:

 

• Implement and audit the CIS Critical Controls to enhance the organization's security posture.
• Develop and maintain a comprehensive security program that complies with NCUA Part 748 Appendix A.
• Remediate findings from internal and external penetration tests and General Controls audits.
• Prepare and present monthly security reports to the Enterprise Information Security Committee.
• Manage vulnerabilities by identifying, assessing, and mitigating security risks.
• Audit device configurations to ensure compliance with CIS benchmarks.
• Monitor and respond to security incidents and alerts.
• Monitor for external phishing websites and domain threats and lead the take-down process.
• Conduct regular security assessments and audits to identify potential vulnerabilities and recommend corrective actions.
• Collaborate with IT System Administrators and other departments to ensure the implementation of security best practices.
• Stay up to date with the latest security trends, threats, and technologies.
• Design and implement security procedures
• Collaborate with Artic Wolf Managed Security Services Provider (MSSP) to monitor and implement security best practices.
• Monitor and respond to security events from multiple sensors including end point protection, SEIM, web filters, email and DLP protection.
• Implement data security measures to protect sensitive information from unauthorized access.
• Educate staff on cyber topics such as social engineering and phishing.
• Review 3^rd party SOC reports to ensure vendor security programs meet Frontwave requirements for safeguarding sensitive information.

Qualifications: To perform this job successfully an individual must be able to perform each essential duty satisfactorily.  The requirements listed below are representative of the knowledge, skill, and/or ability required.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

 

• Strong knowledge of CIS Critical Controls.
• Information security certification(s) required, such as CISSP, CISM, or CISA.
• Knowledge of financial institution regulatory guidance such as FFIEC or NCUA Part 748 Appendix A preferred.
• Experience with vulnerability management and penetration testing.
• Proficiency in auditing device configurations and ensuring compliance with security benchmarks.
• Excellent analytical and problem-solving skills.
• Strong communication and presentation skills.

Education and/or Experience:                   

Bachelor's degree or equivalent experience in Computer Science, Information Technology, or a related field.

Minimum of 3-5 years of experience in information security or computer networking.

 

Salary Range: $33.59 - $50.38

When joining Frontwave Credit Union, you can expect to be a part of a workforce committed to the following Service Excellence standards:

• We see it. We own it. We get it done.
• We ignite positive experiences.
• We do things right every time.
• We are collaborators - united, cohesive and engaged
• We innovate and evolve.
• We create memorable experiences for life.
• We starts with me.