Southeast Financial CU
220 S Royal Oaks Blvd
Franklin, Tennessee 37064
USA
Role: The Information Security Risk Analyst supports the Credit Union's goals, values and philosophy by exhibiting the following behaviors: excellence, quality member service, commitment and accountability. As a member of the Credit Union's risk management/information security team, performance includes demonstration of the following accountabilities: communication, teamwork, job knowledge, and confidentiality.
Essential Functions & Responsibilities:
Under direction of CAO, performs and maintains risk assessments for various processes and programs to identify risks, including vendor management program. Updates risk assessments on an annual basis for all necessary functions of the Credit Union. This includes interviewing appropriate business unit owners to determine if there have been any changes in processes, software, personnel, training, etc.; reviewing any regulations related to that area; identifying the inherent risk; reviewing processes/procedures established to mitigate the risk; and determining the residual risk. Provides completed risk assessments to CAO for approval, with CAO submitting to ROC for official approval. Member of Risk Oversight Committee and ALCO Committee.
Maintains employee access forms for all employees, notifying pertinent parties of hires, changes, and terminations that may affect employee access to credit union systems. Monitors forms to ensure all changes are documented by all pertinent parties and follows up as necessary to ensure changes are completed in a timely fashion and forms are "audit" ready.
Works with the Chief Administrative Officer and VP, Information Technology on the IT/IS Risk Assessment, as well as the ACET report, annually. Member of IT Steering Committee and Business Continuity/Disaster Recovery Team.
Complaint Management: Responsible for logging all complaints, including TDFI, NCUA, BBB, written consumer/member complaints, reviews from social media sites, or verbal consumer/member complaints. Creates and maintains folders for each complainant on the ROC shared drive, ensuring all communication, supporting documentation, and the written resolution are on file. Follows up to ensure each complaint is resolved. Provides quarterly report of all complaints for each quarter to CAO.
Coordinates monthly phishing tests for staff, quarterly for Board and Committee Members. Provides monthly report of fails to CAO. Conducts one-on-one training for staff with multiple fails, according to established guidelines.
Assists CAO with development of training for staff on information security, with a focus on cybersecurity and social engineering, as well as annual board training. Responsible for delivery of training at all new hire orientations.
Stays abreast of cybersecurity alerts from resources, such as FS-ISAC, CISA, NCUA, NCUISAO, Infragard, FBI Cybercrime Division, and FBI (internet crimes division), of potential cyber events that may affect the credit union. Shares pertinent alerts with IT department, as well as CAO. Participates in FS-ISAC calls about heightened cyber-related events/alerts, sharing pertinent information with CAO and IT department.