Information Security Analyst
Beginning Pay Range: $36.76 – $45.95 per hour
OCCU is looking for an experienced Information Security Analyst to join our growing and high performing team! The Information Security Analyst’s responsibility is to assist in the development, implementation, monitoring and reporting of our Enterprise Information Security program. The role’s purpose is to ensure all appropriate industry measures are taken to limit the risk of loss of member information and/or organizational proprietary data.
Location: Eugene, OR
The essential functions of this position require prioritizing and completing all assigned tasks in a timely and efficient manner, adjusting for changing priorities and availability of resources and demonstrating initiative in identifying additional job-related tasks to be completed when time permits. These duties are a representative example of position expectations. Actual duties assigned may vary and change depending on the business needs of the department and OCCU.
- Complete ongoing functionality and gap analyses of Information Security policies, Business Unit policies, and IT Infrastructure to ensure compliance with regulatory requirements and industry best practices.
- Assist and implement a comprehensive security awareness program to include training materials, guidance, orientation, testing and reporting.
- Provide recommendations on proposed changes to Information Security strategies.
- Establish and maintain information security standards and procedures in compliance with all regulatory bodies and industry best practices.
- Monitor and report on adherence to Information Security standards established internally and across the industry spectrum.
- Function as an internal consulting resource on information security issues and incidents.
- Conduct internal Information Security Risk Assessment and assist in the development of annual reporting to the Board of Directors.
- Liaison between Enterprise Risk & Administration (ISO), Technology and various business groups in matters related to or impacted by information security controls.
- Assist in coordinating contingency plan tests on a regular basis.
- Assist in the maintenance and credential enrollment of physical access control and alarm monitoring systems.
- Maintain applicable industry knowledge and certifications.
- Deliver Information Security related communications to multiple audiences with varying degrees of technical savvy.
Experience, Knowledge, Skills and Abilities:
Qualified candidates for this position will have relevant education and experience necessary to perform the essential functions and meet the minimum performance expectations for this position with or without an accommodation.
Preferred qualifications for the position include:
- Minimum three years of experience working with computer and network systems in a technical capacity.
- Strong investigative skills to include ability to analyze and troubleshoot issues.
- Practical application of ISO 27001/27002, FISMA, PCI DSS and other industry related guidelines.
- Active work in data loss prevention principles.
- Experience working in an IT environment including strong change control and configuration management practices.
- Applied experience in risk assessments, vulnerability mitigation and compensating controls.
- Applied experience working with relevant third-party tools including intrusion detection, firewalls, patch management, etc.
- Experience with Logical and Physical Security investigations, mitigation and controls.
- Four-year degree in Information Security or related field preferred.
- Demonstrable industry experience and certifications may be acceptable in lieu of degree(s).
- Applicable industry certifications (CISSP, etc.).
An equivalent combination of experience and education that demonstrates the required knowledge, skills and abilities required for the position will be considered in lieu of the outlined requirements.
Physical Demands and Work Requirements:
The physical demands and work environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Physical Demands: While performing the duties of this job, the employee is frequently required to:
- Work for extended periods of time in a stationary position (possibly up to 60 minutes or more without an opportunity to substantially change position) while consistently grasping, moving and manipulating documents, office supplies, computer equipment and other business tools and materials.
- Use and operate a personal computer, office equipment and other technology devices frequently and consistently throughout each day with a high degree of skill, accuracy and independent judgment.
- Move to, from and within our building and across company-related property site locations as needed, possibly for extended periods of time.
- Correspond, communicate and exchange information with other employees, members and other third parties with whom we work in-person, via telephone, virtually or by other electronic means using available technology during meetings, presentations and other situations in which business information may be shared, discussed or exchanged.
- Maintain professional and respectful communication style and steady work focus to ensure reactions and responses to varied situations, stress, ambiguity, frustration, disappointment and disagreements. Set an example to others of appropriate workplace communications while contributing to a strong, harmonious team dynamic.
- Lift, transport and/or move up to approximately 25 lbs. occasionally in the performance of regular duties.
- Remain alert and able to observe surrounding areas and conditions at all times to identify, recognize and respond to potential obstacles, safety concerns, hazards, threats, property conditions requiring attention, unauthorized and/or dangerous persons and emergencies.
Work Environment: Office-related work is primarily conducted in a temperature-controlled office environment. Our office spaces include traditional office lighting (including fluorescent lighting), as well as shared office spaces and facilities that result in consistent and frequent noise (moderate and often louder than ambient noise), conversations among employees and/or members, interruptions and other similar distractions.
Work Hours: This job can typically be done within a Monday through Friday schedule; however, based on events going on there will be times when evening and weekend work is required with little or no notice. Off-hour telephone support is required. This role is on call 24x7x365.
OCCU is an Equal Opportunity Employer