Information Security Director jobs in Appleton, WI

Connexus Credit Union - Who We Are:
Serving members across all 50 states, Connexus Credit Union is a member-focused cooperative that is proud to return profits to member-owners through high yields for checking accounts and deposit products, as well as competitive rates for personal, home, and auto loans. From its early beginnings on through the years, Connexus has remained a strong, growing, and secure financial institution that remains committed to serving the financial needs of our member-owners across the country.

Connexus offers an Amazing Benefits package:

• 25 days of paid time off and 7 paid holidays

• 16 hours of paid Volunteer Time Off

• 401K Retirement with up to 6% employer match

• Excellent Health, Dental, Vision insurance, including multiple plan options

• Health Savings Account with generous employer contributions

• Employer paid Life insurance, Short-Term and Long-Term Disability

• Tuition Reimbursement from $4,000 - $7,000 per calendar year

• Robust Learning and Development program that includes an annual professional development stipend

Connexus has a Values-Based Culture:
Our Values of Integrity, Respect, Transparency, Wellbeing and Synergy aren't just words on a page; our values dictate the actions of the organization and everyone within it. We demonstrate our values in every personal interaction, phone call, and email - every day.

About the Role:

The Information Security Engineer will design, implement, and maintain security systems and controls to ensure the confidentiality, integrity, and availability of computer networks, systems, and applications. The Information Security Engineers job requirements include but are not limited to designing, implementing, operating, and monitoring of the enterprise security solution stack; support ongoing information security initiatives; analyze, verify, and track information technology risk and facilitate the remediation of identified vulnerabilities.

The Information Security Engineer is a member of the Information Security team and reports to the Manager of Information Security. This position will work closely with the broader Business Technology (BT) team and key business stakeholders across all departments to support a comprehensive information security program. This includes ensuring the compliance to defined security policies, processes, and standards.

As a member of the Information Security team, the Information Security Engineer will elevate the Information Security program by utilizing "secure-by-design", "defense-in-depth", and "least-privilege" practices in support of cybersecurity best practices, industry standards, frameworks, regulations, policies, and procedures.

Responsibilities:

Security Architecture & Engineering: 50% of typical work volume

• Guide the evaluation of cybersecurity products, principles, processes, and controls to ensure effective data protection.

• Design, implement, and improve security protective controls, including monitoring, detection, and response infrastructure.

• Conduct periodic reviews of deployed security technologies to ensure that the solutions continue to provide the intended protections efficiently and effectively.

• Recommend improvements to security tools and procedures to drive continuous enhancement to data protection.

• Serve as an information security consultant on organizational project work and advise the business partners on the appropriate technology security controls.

• Support cryptographic and key management solutions and manage and operate secure cryptographic platforms.

• Participate in business continuity and disaster recovery planning and testing.

• Assist in the governance and monitoring of firewalls, intrusion detection systems, switches, and routers.

• Maintain comprehensive security engineering documentation.

Security Governance, Risk & Compliance: 20% of typical work volume

• Collaborate with the Compliance, Risk, and Audit teams.

• Support the technology risk assessment process and control design with the goal of ensuring alignment with the organizations risk tolerance and risk profile.

• Provide threat and vulnerability analysis as well as security advisory services.

• Lead Cybersecurity vulnerability remediation efforts for network devices and systems.

• Consolidate security related findings, tracks KPIs, and presents results to information security and appropriate business leaders.

• Provides support in the investigation and remediation of potential threats and assists with general information system control reviews, risk, and vulnerability Assessments to identify weaknesses and assess the effectiveness of existing controls, recommends remedial action as needed.

• Support the development and implementation of security policies, standards, and procedures.

• Support activities to assess adherence to the information security policies and procedures.

• Support security-based risk assessments of business and technology sponsored projects and initiatives, including engagements with third parties.

• Interpret, monitor, and assess security systems and related projects for potential risks, violations, and adherence to the Information Security Program Standards which includes but not limited to: intrusion protection, secure file transfer, data loss prevention, email encryption, firewalls, log management/correlation, secure password storage/retrieval, application whitelisting, and
  vulnerability management.

• Coordinate regular penetration testing of systems and social engineering testing of staff.

• Review, assess, and mitigate penetration tests and vulnerability assessments.

• Ensure that alerts across all IT and/or security systems are configured in accordance to information security policy, standards, and procedures.

Security Operations & Administration: 15% of typical work volume

• Lead the development, support, and monitoring the controls to protect data from accidental or unauthorized modification, destruction, or disclosure.

• Lead the development, support and monitoring of the server, desktop, laptop and mobile device security controls.

• Perform system security administration on various platforms, including operating systems, applications, and network security devices, in accordance with the defined policies, standards and procedures of the organization, as well as with industry best practices and vendor guidelines.

• Create and maintain the internal documentation library, ensuring that procedures and other documentation is regularly updated to reflect the latest operational processes and requirements.

• Investigate detected events when the Managed Security Service Provider (MSSP) or when a Connexus Security Analyst escalates an incident.

• Participate on the Connexus incident response team and assist in the development and facilitation of the Cybersecurity Incident Response Plan in response to potential security incidents.

Other Responsibilities: 15% of typical work volume

• Serve as an escalation point and mentor for junior staff to guide junior analysts and engineers on implementing/monitoring security controls.

• Staying current with industry trends, identifying, and researching new technologies.

• Work on projects that may be assigned on an ad hoc basis and may assist other corporate initiatives as necessary.

• Promote security awareness within the organization.

• Identify and report opportunities for process improvements and solicit recommendations.

• Establish and maintain effective relationships with managed service providers and other solution vendors.

Position Requirements:

• This position is Remote.

• Participate in operational support including on-call rotation.

• Associate Degree in computer science, information systems, or technology field; or commensurate cybersecurity experience is Required.

• 5 years of experience within cybersecurity experience is Required.

• Experience in cloud environments and cloud security is Required.

• Experience with securing Windows and Linux operating systems is Required.

• Understanding of industry compliance standards and regulations (ISO, NIST, PCI DSS, SOC II Type 2, CIS, GLBA, CCPA, etc.) is Required.

• One or more of the following security certifications: GSEC, GCLD, CISSP, CISA, GCIH, Security is Required.

Connexus Credit Union's Recent Recognitions:

• 2024 Best Credit Union - NerdWallet

• 2024 Best Credit Union - Bankrate

• 2023 Best-In-Class Employer - Gallagher

• 2023 Best Credit Union - Kiplinger

• Fourth Largest Credit Union in Wisconsin (by asset size)

Equal Opportunity Employer/Disabled/Veterans/41 CFR 60-1.4, 41 CFR 60-1.35