5+ years of experience
Employment Type:
Full time
Job Category:
Information Services

Job Description


This position will assist the Security Operations Center in its mission to protect the information assets of the Credit Union. Conduct and document IT risk assessments. Consult with management on IT risks and controls for new and existing information systems services and platforms, including third-party service providers. Develop, maintain, and publish up-to-date cybersecurity policies, procedures, standards and guidelines to protect AFCU assets. Conduct cybersecurity training for business and IT personnel. Investigate, evaluate, and recommend information security solutions. Conduct information security assessments, control audits, and compliance testing against industry information security standards, best practices, and internal company policy, standards, and procedures. Make recommendations on how to improve the security posture at the Credit Union.


1. Responsible, under the direction of the manager, for cybersecurity policies, procedures, standards, and guidelines.

a. Develop, maintain, and publish cybersecurity policies, procedures, standards, and guidelines in accordance with industry standards such as NIST, CIS, FFIEC, etc. Make them available to employees via the Security Operations Center intranet site.

2. Responsible, under the direction of the manager, for IT Risk Assessments within the organization

a. Work closely with ERM team members to facilitate all IT Risk Management processes and reporting.

b. Assists Departments with the IT security assessments of various software purchases, external vendors, and technology service providers.

3. Verifies information security controls are designed and operating effectively.

a. Verifies that Credit Union policies, procedures, and controls are conducted in accordance with established security standards.

b. Works closely with Internal Audit on all internal audits, external audits, and examinations to coordinate the gathering of documentation and evidence.

c. Conduct compliance and audit testing against industry standards, best practices, and company policies and procedures.

d. Perform regular information security assessments to ensure AFCU's people, process, and technology are designed and operating effectively so as to maintain a sound information security profile.

e. Responsible for tracking, following up on, and reviewing evidence to ensure that outstanding cybersecurity findings are remediated in a timely manner.

4. Conducts Information Security Training

a. Responsible for information security awareness trainings to business and IT personnel. This includes such things as monthly updates to employee facing security awareness training, required annual training, conducting phishing tests, and performing other random social engineering tests on a regular basis.

b. Responsible for communicating with all AFCU staff regarding cybersecurity related concerns and/or questions.

5. Assumes responsibility for related duties as required or assigned.

a. Assist stakeholders in their remediation of identified risks and vulnerabilities.

b. Stay informed of changes in computer technology and security.

c. Earn and maintain industry certifications.

d. Keep work area clean, secure, and well-maintained.

e. Complete special projects as assigned.



* A four-year college degree in a computer related field or equivalent combination of education and experience preferred.
* CISSP, Security +, CISA certification or certifications from one of the following bodies: SANS, Microsoft, CompTIA preferred.
* Must be goal orientated, action-focused, pragmatic and self-disciplined.
* Demonstrate ability to conceptualize, analyze, and communicate complex information security issues and concerns to technical and non-technical personnel.
* Must have good organizing and communication skills.

Required Knowledge:

* Understand the information security risks which affect information systems design, modification, and processing activities.
* Demonstrate the ability to identify and properly scope those risks, and formulate recommendations that are appropriate, practical and cost-effective.
* Ability to research policies, procedures, standards, and guidance, and apply under specific conditions for the protection of information and information systems.
* Understanding of IT risk and vulnerability mitigation.
* Familiarity with technology in the following areas: Cryptography, Linux, DBMS, Networking components, IDS/IPS, Servers, AD, Wireless, Mainframe, Automated/Application Controls, Access Controls, Firewalls, Physical Security, and Security Architecture/Design.
* Familiarity in the following areas: IT Project Management; System Development Life Cycle; Business Continuity and Disaster Recovery Planning; System Change Management; Legal, Regulation, Compliance, and Investigation procedures; and Segregation of Duties in IT.
* Familiarity with security industry frameworks, best practices, and guidance, such as CFR Part 748, FFIEC, NIST SP 800-30, NIST SP 800-53, NIST Cybersecurity Framework, NCUA's ACET, CIS 20 CSC, and PCI.
* Possess knowledge and understanding of concepts, protocols, best practices and principles as a means of relating IT risk, IT audit, compliance requirements, and security training to meet the needs of the business.


* 5 years in IT security, IT consulting, IT auditing, and/or IT risk assessments.


* Create flow charts and diagrams using Visio.
* Strong verbal and written communication skills.
* Well organized, detail oriented, and accurate.
* Analytical, problem-solving, and investigatory ability in things pertaining to IT.
* Tough minded, persistent, cooperative, and willing to assist others.
* Work well independently and meet deadlines.

About America First Credit Union

We desire to be the primary financial institution of our members. We will use automation and technology to support a highly trained group of volunteers and staff. Professional managers will be accountable for the quality of service and will be given sufficient flexibility in implementing policy to ensure that the member perceives the highest degree of excellence in every contact. Professional marketing will provide aggressive programs to sustain and increase growth. We will seek our growth both from new members and by serving the financial needs of present members in a more complete manner. We will not sacrifice quality of present services to seek growth. In order to provide quality member services, the credit union must remain financially sound and secure. Adequate operating controls, capital reserves and liquidity will be maintained at all times. We will be sales oriented in our approach to members, but traditional credit union philosophy will remain our guiding principle. Among financial institutions, this credit union is a unique organization with deep and abiding human values. Our goal is to maintain those qualities.

This company profile was created by AfterCollege and is about America First Credit Union. This page is not endorsed by or affiliated with America First Credit Union. For questions regarding company profiles, please email: care@aftercollege.com.