• Complete identity and access requests for users within the company’s IAM process, following established operations
• Manages MFA of users within Azure AD
• Develop and configure Active Directory GPO for workstation and server security
• Create advanced PowerShell scripts to manage identity within Azure AD and Active Directory
• Monitors user access and investigates abnormal user activity via Azure Security Center
• Configure Azure AD SSO and provisioning for cloud and internal applications
• Monitor and troubleshoot Azure AD Connect and federation services
• Troubleshoot and provide solutions for all Azure AD identity issues
• Coordinates with IT to support workflows to enhance and automate the user provisioning process and provide ongoing user access and rights reviews for internal and external users
• Develops technical documentation and procedures to support the IAM process
• Works with other members of the Information Security Team to research and recommend security enhancements to the IAM process to management
• Supports incident responses and investigations, reporting findings and actions taken to management
• Assists and communicates information security best practices to end-users, including reasons for problems, request or incident status or other relevant security information
• Stays current on IT security technologies, trends, and news

Skills: IAM Operations, Azure MFA, Active Directory, PowerShell Scripting, User Monitoring, SSO Configuration, Identity Troubleshooting, Security Documentation

• Participate in the implementation of security considerations in all facets of the information technology infrastructure
• Assist in support for specific hardware/software environments that are network security-centric
• Provide independent judgment for consideration by management regarding security for all areas of information technology
• Enable decision-makers to make informed decisions about threats and risks related to operations and business entities
• Monitor and review audit logs of system accesses to ensure that authorities are properly implemented and find any patterns that may indicate intrusion activities
• Understand different operating systems and database environments to assist in support of logical security, including those based on Z/OS, iSeries, Unix, and Windows
• Understand information security concepts, routing and network/application protocols and Enterprise networking
• Participate in on-call rotations for security support during regular working hours and after-hours
• Responsible for the security of networks, servers, workstations and applications
• Responsible for Information Security tools
• Develops, deploys, supports and assesses enterprise-wide security objectives
• Collaboratively determines objectives, implements solutions, and recommends risk mitigation strategies
• Provide first and second-level support to the MIS Service Desk

Skills: Security Implementation, Network Support, Risk Assessment, Log Monitoring, OS Knowledge, Protocol Understanding, Tool Management, Helpdesk Support

• Perform ongoing support and administration for Information Security systems
• Perform incident response activities 
• Planning and development of new security measures
• Work with third parties and vendors 
• Develop and analyze Information Security reports and MIS for roll-up to management
• Develop and evaluate Information Security procedures
• Provide Information Security project management
• Update job knowledge by tracking and understanding emerging threats, security practices and standards
• Assist with external audits, penetration tests and vulnerability assessments
• Mentoring of Information Security staff and interns
• Conduct tasks in a manner that complies with all consumer protection regulations and treats consumers fairly

Skills: Security Administration, Incident Response, Security Planning, Vendor Coordination, Report Analysis, Procedure Evaluation, Project Management, Audit Support

• Maintains and enforces the information security and cybersecurity risk management frameworks/methodologies
• Maintains the Information Security Program and related Information Security Policies, Standards, and Reporting
• Contributes to the development of the business unit strategy
• Provides a view on potential improvement for information security risk and compliance policies and procedures, including an assessment of the existing situation and anticipated changes in the external environment
• Develops and implements effective processes to identify, measure, report, track and remediate information security risk-related issues, inclusive of gap analyses and evaluation of new systems or processes
• Supports the Cybersecurity Incident Response Team
• Reviews potential Intrusion Detection events, performs malware analysis, and assesses high-severity security events
• Plans and initiates the response actions
• Provides updates to management and the Board
• Coordinates incident investigation and remediation with internal and external resources
• Advises the CRO, ISO, management, and the Board regarding cybersecurity strategy to leverage new technology and cybersecurity frameworks
• Supports the management of the Bank's CAT (Cybersecurity Assessment Tool)
• Makes recommendations in areas where the controls should be enhanced, or enacts changes within the purview
• Reviews user access certifications to verify application entitlements are appropriate for each user's role and responsibilities

Skills: Risk Management, Policy Maintenance, Strategy Support, Gap Analysis, Incident Response, Event Review, Access Certification, Control Enhancement

• Provides information security, risk management, technical advice, and counsel to the IT Department
• Supports IT security audits and external third-party assessments (e.g., penetration tests, social engineering assessments, targeted assessments), presenting results to the Audit Committee or the Board of Directors as applicable
• Supports the management of tracking and remediation of vulnerabilities by leveraging agreed-upon action plans and timelines with the IT Manager / ISO
• Recommends appropriate updates to standards, processes and procedures as part of comprehensive remediation
• Serves as an advisor to the Information Technology Steering Committee and the Crisis Management Team
• Develops, provides and oversees information security and cybersecurity training for employees
• Provides guidance, direction and education on these functions as well as the latest security strategies and technologies
• Manages the social engineering testing program for the Bank
• Acts as the project lead in strategic projects related to information security and/or cybersecurity
• Supports and maintains the Vendor Management program
• Performs vendor initiation processes, analysis, gathers and assesses documentation, and reports to ISO and CRO
• Meets response and resolution times as defined in Service Level Agreements and/or service requests, and follows established processes to meet service level commitments
• Completes all regulatory training within deadlines established including BSA, Bank Security and any other training, within timeframes and on an annual basis
• Cross-trains in additional functions of the department

Skills: Security Advisory, Audit Support, Vulnerability Tracking, Process Improvement, Staff Training, Project Leadership, Vendor Management, Compliance Monitoring

• Manage the information security management standard
• Seeking to build in security during the development stages of software systems, networks and data centers
• Looking for vulnerabilities and risks in hardware and software
• Carrying out a Penetration test on the IT infrastructure
• Finding the best way to secure the IT infrastructure of the organization
• Building firewalls into network infrastructures
• Constantly monitoring for attacks and intrusions
• Mitigating the occurrence of security vulnerabilities
• Responsible for identifying the information security risk exposures at the company level (excluding project-specific information security risk), and establishing processes and controls
• Ensure that information security risk is properly safeguarded
• Responsible for maintaining Information Security policies, and ensuring that the information security controls are clearly, accurately and comprehensively documented in the relevant policies
• Perform regular sample checks to ensure that controls are executed in accordance with the Information Security policies
• Main liaison for all information security-related audits, including ISMS audit
• Responsible for tracking and ensuring proper closure of the information security control lapses identified during sample checking or audits
• Responsible for maintaining the information security incident register and conducting the investigation independently, with support from relevant departments
• Coordinate and review the responses for the information security-related checklist
• Conduct Information Security Training, and support the implementation of e-learning modules led by the Learning and Development team

Skills: Security Management, Vulnerability Assessment, Penetration Testing, Firewall Configuration, Threat Monitoring, Risk Mitigation, Policy Maintenance, Incident Investigation

• Maintains the Mediabrands' information security policies, standards, guidelines and procedures
• Monitors the Compliance mailbox for incoming potential security incidents
• Perform thorough analysis, documentation, and a strong understanding of the attack vectors, persistence mechanisms, and detection avoidance tactics
• Project manage the Information Security Risk Metrics and report on the effectiveness of the Information Security Program
• Manages and maintains the Information Security Risk Register to ensure all risks are prioritized and treated timely manner
• Provides reports to regional leads regarding the effectiveness of data and access controls and makes recommendations for the adoption of new processes and/or procedures
• Staying up to date on information technology trends and security standards, informing the teams of Zero-day exploits, and coming up with resolutions alongside the IT teams
• Writes technical articles for knowledge sharing
• Conducts routine IT security control assessments and/or risk assessments and assists with security audits
• Coordinates the testing of recovery support and business resumption procedures in different functional areas
• Assures that recovery procedures are effective for the restoration of key corporate IT resources and the resumption of critical systems
• Conducts new and ongoing vendor risk due diligence
• Identify and mitigate risks associated with third-party vendors

Skills: Policy Management, Incident Monitoring, Threat Analysis, Risk Metrics, Access Control, IT Trends, Security Auditing, Vendor Risk

• Knowledge of security standards and groups such as NIST, OWASP, ISO 27001/27002
• Experience in supporting network firewalls and proxy servers
• Familiar with the administration of Routers, Firewalls and switching technology
• Knowledge of TCP/IP and related data network protocols
• Knowledge of standard network protocols such as TCP, ARP, ICMP, DHCP, HTTP, SNMP, etc.
• Advanced features like IPSEC and IPv6-related protocols and accompanying protocol analysis tools
• Experience with the design and configuration of a network DMZ
• Knowledge of security and risk frameworks including NIST, SANS, ISO, and CoBIT
• Knowledge of data retention strategies and policies related to personally identifiable information and other regulatory requirements
• Strong technical knowledge of Windows Server 2003 - 2012 R2, including Active Directory, DHCP, DNS, load balancing, DFS, RADIUS and ADFS
• Working knowledge of local area network administration, including protocols and standards, switching, routing and firewall configuration

Qualifications: BS in Information Technology with 7 years of Experience

• Experience in computer security combined with risk analysis, audit, and compliance
• Hands-on software and hardware troubleshooting experience
• Knowledge of patch management, firewalls and intrusion detection/prevention systems
• Familiarity with public key infrastructure (PKI) and cryptographic protocols (SSL/TLS)
• Ability to conduct research into hardware and software issues and products
• Able to comply with all written and stated company ethics and safety policies and procedures
• Able to report all unsafe and unethical violations to the immediate supervisor or Human Resources
• Able to express technical and non-technical concepts clearly to broad audiences
• Excellent communication skills (written and verbal) to document complex concepts in a comprehensive manner
• Proven experience in large, complex enterprise-wide initiatives

Qualifications: BS in Network Administration with 6 years of Experience

• Experience with cloud security, non-premise-based security schemes, and enterprise-wide security administration
• Experience in the Information Security or Cybersecurity industries
• Proven analytical and problem-solving abilities
• Ability to effectively prioritize and execute tasks in a high-pressure environment
• Skilled at working within a team-oriented, collaborative environment
• Ability to communicate with immediate supervisor and other team members to receive/direct all work instructions and express any questions or concerns
• Ability to work well in a fast-paced professional office environment
• Strong interpersonal and oral communication skills
• Adept at reading, writing and interpreting technical documentation and procedure manuals
• Ability to present ideas and solutions in a user-friendly language
• Must pay keen attention to detail

Qualifications: BS in Cybersecurity with 5 years of Experience

• Experience with identity-management solutions such as Active Directory and Okta
• Experience with mobile device management (MDM) and endpoint detection response tools (EDR) such as Avanti MobileIron and Sophos
• Experience with security information event management (SIEM) solutions such as AlienVault’s Unified Security Management
• Familiarity with common security vulnerabilities and the ability to measure the severity and impact on the business
• Experience with macOS, Linux, and Windows operating systems
• Excellent organization skills, acute attention to detail
• Strong verbal and written communication skills
• Working experience in dedicated hands-on security 
• Knowledge of SOC governance and SOC processes
• Knowledge of Information Security Standards and main issues regarding Data Privacy
• Strong working knowledge in the domains of Security Monitoring and Incident Response Management
• Must have familiarity with regulatory requirements, such as PCI DSS, KVKK and ISO 27001 Standards

Qualifications: BS in Information Systems Security with 8 years of Experience

• Must have a Security certification such as Certified Information Systems Security Professional (CISSP)
• Experience with Microsoft Security Center and related Defender Endpoint Protection
• Advanced understanding of Networking and Security concepts
• Knowledge of International Organization for Standardization (ISO) 27001 and American Institute of Certified Public Accountants (AICPA) SOC1/2
• Strong verbal and written communication skills
• Ability to deliver multiple projects and tasks at the same time while meeting specific and structured timelines
• Knowledge of Microsoft, Linux and Apple operating systems
• Experience in network security, application security and information security
• Depth of knowledge in Security Intelligence/SOC Operations
• Deep knowledge of Security Information and Event Management (SIEM) products 

Qualifications: BS in Software Engineering with 6 years of Experience

• Must have Security certification (i.e., CISSP, GIAC, etc.)
• Security-related work experience with a financial institution and knowledge of overall credit union operations
• Experience with network security assessment tools, perimeter security, social engineering and other aspects of corporate security practices
• Familiarity with project management tools and techniques
• Understanding of audit principles
• Ability to read and understand computer system documentation
• Ability to use good judgment to solve problems efficiently and accurately and handle complex details
• Ability to work with a high degree of independence
• Able to maintain professional and effective working relationships with team members, vendors, auditors and examiners
• Excellent problem-solving and negotiation skills
• Knowledge of Information Security risk and industry best practices
• Excellent interpersonal, written and verbal communication skills
• Ability to mitigate enterprise risk factors and ensure compliance with applicable regulations, legislation and AFCU policies and procedures

Qualifications: BS in Applied Information Technology with 7 years of Experience

• Experience working with and managing Microsoft Identity services, including O365, Azure AD, Active Directory, and Active Directory GPOs
• Experience working with and managing Microsoft SCCM and Intune 
• Must have CompTIA Security or higher security-related certification 
• Proven experience within an administrative or customer service-related role
• Proven experience of working within a demanding business environment
• Excellent command of English (speaking and writing)
• Experience/interest in the financial and security sector
• Outstanding written and verbal communication and be able to communicate effectively at all levels within the company
• Excellent organizational, administrative skills and attention to detail
• Able to be a quick learner with strong problem-solving skills
• Proven ability to manage work well under pressure
• Ability to look for ways to improve existing processes and create new ones

Qualifications: BS in Computer Networking with 8 years of Experience