Information Risk Analyst

Andrews Federal Credit Union
The Information Risk Analyst supports information security initiatives from an Enterprise Risk Management perspective. This includes the review and enforcement of security-related organizational policies, regulatory standards and industry best practices. Contributes to the development of long term security technology, disaster recovery, business continuity, and data loss prevention strategies and controls. Assists with research and evaluation of information security products.

Region: Maryland

Provide support to Andrews FCU’s business units to ensure security measures and policies are enforced •Help ensure strategic objectives of the IT risk management program are met by creating information security risk assessments and supporting the development of mitigation controls for security issues impacting the organization •Work with Information Technology staff to recommend, schedule, and independently verify security configurations, patches and technologies •Assist in the administration of the credit union’s Data Loss Prevention program •Aid in the design and execution of vulnerability assessments, penetration tests and security audits; work with Information Technology in the remediation of audit findings •Support the maintenance, testing, and facilitation of the credit union’s Disaster Recovery and Business Continuity Plans •Perform regular security awareness trainings for all employees. Create instructional materials and provide informational updates to ensure consistently high levels of compliance with the credit union’s security program •Maintain an awareness of existing and proposed security standard setting groups, state and federal legislation and regulations pertaining to information security and data privacy •Remain cognizant of and adhere to Andrews Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act to include internal training. •Ensure that work results and processes comply with relevant laws and with established Andrews Federal policies, procedures, and practices, including but not limited to the Bank Secrecy Act (BSA). •Perform other related work as assigned and demonstrate initiative using available resources to achieve established goals •Interacts with co-workers, supervisors, members, and outside contacts in an appropriate, professional manner, which projects a positive image of the department and Andrews Federal. •Attends work regularly according to work schedule; limits absences according to personnel policies regarding leave usage. •Willingness to work in a team environment to complete projects in a timely fashion

BS in Computer Science, Information Technology preferred with a minimum of 3 years relevant IT technical and security experience required •Experience in at least one or more of the following areas: Performing Risk Assessments, Working with Security Controls, Risk Management Frameworks and Processes, IT Audit, Regulatory Compliance. •Knowledge of information security methodology, security anomaly investigation; experience with network security appliances such as firewalls, IDS/IPS, DLP, SIMs, routers/switches, etc. •Experience with the Jack Henry suite of banking products, including Symitar, Synergy, Synapsys, Image Center and Yellow Hammer is preferred. •Must possess strong skills in Word, Excel, latest version of Windows Operating Systems and Windows Servers, Microsoft Project, and other software as needed. •Strong presentation skills which may be used to document analysis and deliver presentations to non-technical departmental teams in an articulate and effective manner using a variety of media (visual, written and oral). •Experience working with financial institutions such as credit unions preferred.

Must be able to lift up to 10 pounds. Requires the ability to sit for extended periods of time. Must be able to operate standard office equipment to include keyboard, copier and fax.

In accordance with the Americans with Disabilities Act, it is possible that requirements may be modified to reasonably accommodate disabled individuals. However, no accommodations will be made which may pose serious health or safety risks to the employee or others or which impose undue hardships on the organization.

Application Instructions