Iowa Student Loan is looking for an information security officer to support the corporate information security program, with an emphasis on the technical, operational and administrative security controls of the IT department. The information security program is designed to protect customer and corporate data (non-public records) stored, processed and transmitted by the information technology resources.
We are all about success — students looking for funding, borrowers needing assistance repaying loans and consumers navigating the student loan landscape. That success starts with you.
As an employee at Iowa Student Loan:
- You will receive in-house training, mentoring and opportunities for advancement.
- You will be empowered to share your ideas and creativity.
- You will earn a competitive wage with excellent workplace benefits.
- You will enjoy a casual workplace with opportunities for fun and team-building.
Job Responsibilities
The qualified candidate will:
- Collaborate with managers, administrators and analysts to design practical implementations of security controls.
- Complete the security impact analysis for each IT resource major release.
- Define and publish baseline security configuration for the IT resources.
- Review and authorize re-classification of vulnerability scores as appropriate.
- Review and author IT standards and security team procedures.
- Provide subject matter expertise regarding security risk and control implementation.
- Monitor and report compliance and effectiveness of IT department controls including policies, procedures and standards.
- Monitor security baseline configurations with a focus on identifying unauthorized changes and anomalies.
- Review privileged user activity with a focus on process compliance and attempts to circumvent security controls.
- Monitor vulnerability management to ensure threshold compliance.
- Monitor application, infrastructure and boundary security controls to validate adequate protection to prevent unauthorized access or disclosure of sensitive information.
- Trend and analyze security attacks, alerts, errors and control enhancement best practices.
- Identify security control gaps to initiate projects with the IT management team.
- Validate key security control performance and compliance.
- Administer physical access to IT secured areas within the facility.
- Conduct biometric scanner administration, such as adding and removing users.
- Monitor physical access control system changes as related to the IT secured areas.
- Lead security event handling and incident response reporting.
- Handle security alert advisory board registration.
- Conduct initial analysis to determine applicability of a security alert.
- Coordinate impact analysis with managers, administrators, contract owners and analysts to identify indications of compromise and unauthorized access.
- Communicate incidents to the Compliance department and crisis communication team as appropriate.
- Identify and train staff on the use of forensic tools and chain of custody requirements.
- Complete post-event write-up as appropriate.
- Lead security event training and exercises including but not limited to phishing tests and tabletop exercises for trending security attacks, such as ransomware or supply chain attacks.
- Facilitate the security assessments, audits and due diligence reviews.
- Act as point of contact for the annual network security assessment requiring work shift adjustments to facilitate audit team activities.
- Respond to business partner security questionnaires and present control information during site visits.
- Lead discussions regarding assessment finding and corrective action plan reports.
- Track corrective action plan activities to completion and report to the internal audit team.
- Monitor third-party security scores for the corporation.
- Prepare security-related budget entries and execute purchase orders accordingly.
- Research and recommend security-related purchases to immediate supervisor.
- Obtain budgetary and purchase quotes.
- Perform other duties as assigned.
Competencies
The qualified candidate will have:
- Critical thinking skills for designing and assessing security controls to protect the IT resources and non-public records processed, stored and transmitted.
- Organization and goal attainment skills with an ability to manage multiple tasks with competing priorities, sometimes under periods of high stress.
- Strong written and verbal communication skills to participate in security control discussions, escalation procedures, document security control standards and procedures and to facilitate third-party assessments.
- Self-motivation to learn and stay abreast of information security best practices and trending threats.
- Collaboration skills to work in a team environment to improve security controls and enhance overall security posture.
Qualifications
The qualified candidate must have:
- A bachelor's degree in computer science or related field; an associate's degree in cybersecurity or related field; or equivalent professional experience and relevant security certifications.
- Familiarity with NIST Cybersecurity Framework, ISO/IEC 27000 series or PCI Data Security Standards.
- Experience with security control design and validation.
- Experience monitoring and testing security controls, analyzing security events and identifying anomalies and security violations.
- Experience working as a system administrator or network analyst with familiarity in automation or general coding practices.
- Experience with log analytics, security information and event management tools, log aggregators, assessment scanners, scripting languages, boundary and infrastructure devices, security baseline management and incident forensic tools.
Physical Activities/Working Conditions
The position requires the employee to:
- Sit frequently.
- Use office equipment including a personal computer, keyboard and mouse.
- Interact frequently with others in person, over the phone, and via email and other devices.
- Occasionally lift up to 50 pounds.
- Occasionally adjust work shifts to accommodate audits, assessments, due diligence reviews and project priorities.
The security information officer may split time between home and office with supervisor approval.
To apply for this position, please complete the employment application (PDF) and send it with a cover letter and resume to itrecruitment@studentloan.org.
Iowa Student Loan is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability or veteran status.