Cybersecurity Auditor

at First Commerce Credit Union
Published March 23, 2023
Location Tallahassee, FL
Job Type Full-time  

Description

Come grow with us!

First Commerce is expanding, and we want you to join our dynamic, winning team. At FCCU, you can expect competitive pay, best-in-class benefits, initial and ongoing training and development, and career growth opportunities. Don't just look for a job; consider a career where you empower people to enhance their financial well-being and make a difference to our communities. Apply with us today!

The primary purpose of this position is to assist First Commerce in fulfilling our Vision To Be Our Member's Financial Partner for Life. This is achieved through delivering Remarkable Member Service as defined by our Service Standards as well as building and maintaining strong member relationships through identification of member's financial needs and effectively recommending appropriate products and services to meet those needs.

The Cybersecurity Auditor will direct the timely delivery of high-quality, value-added assurance and audit reports. This role is responsible for the management of risk assessment and audit delivery covering the full spectrum of Information Security (IS), including enterprise governance, systems administration, network defense infrastructure, data protection, authentication services, vulnerability threat management, risk management and cyber incident response and recovery. This encompasses providing objective risk-based independent assurance with respect to the design and operating effectiveness of controls associated with IS that support critical business systems and processes across the group.

RESPONSIBILITIES:

* Serves as the subject matter expert in auditing general and application controls across a variety of technologies and platforms using IS best practices and standards, including the NIST Cybersecurity and Risk Management Frameworks, and a solid business understanding of technology infrastructure products.
* Assists in the development of a robust IS Audit Plan and independently executes in accordance with IA standards, relevant government statutes, and regulations.
* Performs audits in compliance with the organization's set standards and objectives.
* Shares audit results and provides recommendations to management based on the results.
* Works with third party auditors to facilitate external audits.
* Performs verification of compliance with cybersecurity standards for internal systems.
* Completes periodic control review on critical systems and makes recommendations on control gaps.
* Performs reexaminations of audits to ensure the recommended actions have been performed by management.
* Works with various departments to maintain the third-party website list.
* Performs periodic internal vulnerability assessments and makes recommendations for improvement based on findings.
* Escalates critical vulnerabilities and works with the IT department to ensure a timeline is in place to resolve the issue or that solutions are in place to mitigate risk.
* Makes recommendations on updates to the Information Security Standard and Procedures and Security Policy based on industry standards and best practices.
* Ensures compliance with baselining cybersecurity efforts against the NCUA's Advanced Cybersecurity Examination Tool (ACET) or other NCUA tools and improves areas that are sub-baseline.
* Maintains an institution risk register as it relates to cybersecurity.
* Acts as the Information Security Officer (ISO) for the credit union. The ISO's primary responsibility is to safeguard the security and confidentiality of nonpublic information (NPI) as well as the institution's financial transactions.
* Serves on the Enterprise Risk Management Council.
* Serves on the Information Security Team.
* Responsible for assessments relating to vendor due diligence, including evaluating initial and annual reviews and providing a risk assessment.
* Responsible for working with organizational development to provide relevant team member training relating to security.
* Coordinates with other departments to provide appropriate communications designed to educate members on cyber risk mitigation strategies.
* Keeps abreast of emerging IS/cybersecurity risks and evolving standards and regulations and ensures that these are appropriately addressed in Internal Audit's risk assessment and audit planning processes.
* Engages in continual education and awareness of current cybersecurity threats, standards, and practices.

Other Responsibilities:

* Performs job duties in accordance with policies established by the Board of Directors under the rules and regulations set by the National Credit Union Administration, the State of Florida, and any applicable State laws for financial centers located in other States.
* Complies with Reg E, BSA, OFAC, and CIP requirements such as reporting suspicious or unusual activity to manager.
* Fully supports in actions and words First Commerce's Vision, Mission, Core Values, and Service Standards.
* Attends meetings timely and as required; reports to work as scheduled and adheres to First Commerce's dress code.
* Adheres to agreed upon standards for remote work.
* Performs other duties as assigned.

REQUIREMENTS:

* Works independently with demonstrated experience in managing technology audits and projects according to strict timetables and quality standards.
* Has knowledge and experience in developing and executing IS risk assessments that align to organizational strategies and business objectives.
* Must be accurate, detail-oriented, and organized.
* Must be able to analyze and resolve difficult problems and situations.
* Must have the ability to work effectively with all levels of management and staff.
* Must have the ability to work with computers and various software applications. A strong knowledge of Microsoft Office, including Outlook, Word, and Excel, is required.

EDUCATION AND EXPERIENCE:

* A minimum of a bachelor's degree in Information Technology, Information Security, or a related field.
* A minimum of 7+ years' experience in Information Technology security.
* Certification or equivalent expertise in a major security standard such as CISSP (Certified Information Systems Security Professional), CCSP (Cisco Certified Security Professional), CCSA (Check Point Certified Security Administrator), CISM (Certified Information Security Manager), SSCP (Systems Security Certified Practitioner), CISA (Certified Information Systems Auditor) or CRISC (Certified in Risk and Information Systems Control).
* Good understanding of IP, TCP/IP, and other network administration protocols.

Americans with Disability Specifications

The primary work location for this position is hybrid with the ability to work both remotely and in a First Commerce building.