|Vacancy Code / Job Title
||ADM03 / Information Assurance Officer
|Scope of Work
||Job Summary and Purpose:
The Information Assurance Officer will support the implementation and execution of the ERM department’s processes to drive consistent risk identification, measurement, mitigation, monitoring and reporting. The Information Assurance Officer is responsible for identifying and assessing information security risks, and for determining whether those risks are being mitigated effectively and continually.
Serves as a trusted and influential advisor to the business, executive management, and board members by participating in various decision-making discussions on risk appetite/tolerance setting and risk acceptance activities. Ensures credit union compliance with all applicable regulatory requirements and oversees information security audits, reviews and assessments performed by external parties.
The Information Assurance Officer is responsible for developing, implementing and maintaining an effective business continuity program to ensure the resilience of critical business functions and minimize the impact of disruptions resulting from a wide variety of catastrophic events.
• Identify, assess, monitor, and report information security risks
• Assist in establishing key risk indicators and risk tolerances for information security risks
• Develop processes for identification and management of emerging information security risks
• Conduct employee phishing campaigns on a quarterly basis
• Carry out monitoring such as the application user access review and the bi-annual terminated employees review
• Assess and ensure compliance with applicable regulatory guidance related to information security
• Serve as liaison and coordinator for the IT controls audit by financial statement auditors, penetration tests, and social engineering tests
• Review vulnerability scanning results and reports on vulnerability management
• Perform other related duties as assigned.
• Oversee and evaluate the effectiveness of the disaster recovery planning and testing
• Administer and maintain business continuity software
• Develop and provide business continuity and crisis management awareness education to business partners
• Coordinate and perform business impact analysis that incorporates a clear and consistent understanding of functional dependencies and recovery requirements
• Evaluate the current business continuity framework and identify improvement opportunities
• Provide leadership and assistance to business partners in the development, approval, and ongoing maintenance of their business continuity plans
• Assist and manage the creation, coordination, facilitation, and communication of business continuity exercises, which include but are not limited to table-top exercises, simulation testing, and full-scale exercises
• Design a roadmap for implementing an effective business continuity program and assess the maturity levels of the program against goals
• Support the ongoing maintenance and refinement of the enterprise business continuity methodology, tools, and supporting artifacts
• Perform other related duties as assigned
|Education Qualification Required
|Years Of Experience
||10 - 15
||The ideal candidate must hold or obtain one of the following certifications in each job skill area.
o Information Security/Assurance
o Associate or Certified Information Systems Security Professional (Associate CISSP/CISSP)
o Certified in Risk and Information Systems Controls (CRISC)
o Certified Information Systems Auditor (CISA)
o Business Continuity Planning
o Associate or Certified Business Continuity Professional (ABCP/CBCP)
|Vacancy Posted On