Your White Label Enterprise Support Company.
Endpoint Security Engineer
Location: Philippines
Posted: 2 days ago
Salary: 0
Seniority: Senior
Job Description
CallTek
- Own and optimize endpoint security platforms.
- Lead endpoint detection engineering, automation, and platform tuning.
- Lead detection engineering.
- Develop automation scripts.
- Perform advanced threat investigations.
- Define endpoint hardening baselines.
- Mentor junior staff.
- Participate in architecture reviews.
- Support incident leadership.
- Evaluate endpoint security vendors.
Job Requirements
- 3–6 years in endpoint or security engineering.
- Bachelor's Degree in Computer Science, Cybersecurity, Information Systems, or related field.
- Endpoint telemetry.
- Malware analysis.
- Scripting, Forensic Analysis.
- Analytical thinking.
- Continuous improvement.

**Certifications**
- Mandatory: Microsoft SC-200.
- Desired: CEH, eLearnSecurity.

**Language**
- English B2 is required.
More Security Engineer Jobs
- Design, implement, maintain, and continuously improve cybersecurity solutions.
- Integrate and securely configure security controls.
- Monitor, evaluate, and investigate security controls and events.
- Identify, analyze, and remediate vulnerabilities and incidents.
- Ensure the security and resilience of systems across on-premise, cloud, and hybrid environments.
- Implement and enforce cybersecurity policies, procedures, and controls.
- Develop scripts, tools, and automation for security purposes.
- Produce technical documentation, risk assessments, and audit reports.
- Collaborate with internal teams, external providers, and public sector bodies.

- Design, implement, maintain, and continuously improve cybersecurity solutions protecting government systems and critical infrastructure using modern security technology stacks
- Integrate and securely configure security controls in line with organizational policies, EU regulations, and public sector standards
- Monitor, evaluate, and investigate security controls and events, including security event analysis and SIEM tooling (e.g., Splunk investigations)
- Identify, analyze, and remediate vulnerabilities and incidents, including patching, system hardening, and certificate and cryptographic asset management
- Ensure the security and resilience of systems across on-premise, cloud, and hybrid environments, including high-availability infrastructures
- Implement and enforce cybersecurity policies, procedures, and controls aligned with governance, risk, and compliance (GRC) frameworks
- Develop scripts, tools, and automation to enhance security monitoring, detection, and response capabilities
- Produce technical documentation, risk assessments, and audit reports; communicate findings to stakeholders and management
- Collaborate with internal teams, external providers, and public sector bodies; provide cybersecurity expertise and user support

Role Description
Under the general direction of the AVP, Network Infrastructure, the Senior Information Security Administrator is responsible for administering, monitoring, and maintaining the Credit Union’s information security systems and controls. This mid-level role supports daily security operations, protects information systems from internal and external threats, ensures compliance with regulatory requirements, and helps maintain a resilient technology environment across cloud-based, on-premises, and remote systems. The Senior Information Security Administrator works closely with the Senior Information Security Engineer, IT, business units, and security vendors to maintain defenses, support incident response activities, strengthen the Credit Union’s security posture, and ensure secure and reliable access to systems and data.
- Protect electronic information and infrastructure from external and internal threats, maintain compliance with statutory and regulatory requirements regarding information access, security, and privacy.
- Manage and configure security tools and technologies, including firewalls, intrusion detection systems, and antivirus software.
- Analyze logs for suspected intrusions or attacks.
- Analyze event logs, alerts, and system activity to detect anomalies and respond appropriately to potential incidents.
- Oversee and support daily operations of Fortigate Firewalls, Darktrace Email and IDS/IPS, Arctic Wolf SIEM and vulnerability management, Appgate VPN, Sophos Anti-Virus, Fortra DLP, and additional security systems as assigned.
- Monitor security incidents and alerts, escalate as needed, and participate in containment and remediation activities.
- Participate in system security configuration changes (Change/Configuration Management), ensuring all changes are properly scheduled, documented, and fully tested prior to roll-out.
- Conduct regular security assessments, audits, and risk analysis to identify vulnerabilities and threats.
- Collaborate with IT and other departments to ensure security measures are integrated into all aspects of the organization's operations.
- Prepare written and oral reports to keep team leaders informed of work progress.
- Maintain and document security systems in accordance with internal standards.
- Ensure compliance and enforcement of systems standards and policies for connected computing environments.
- Analyze and participate in the development of security standardization and implementation of security controls.
- Keep professional skills updated and stay up to date with the latest security trends, threats, and technologies.
- May participate in an on-call rotation or respond to after-hours security events as needed.
- Perform vulnerability assessments, patch management, malware/rootkit protection, log review, access audits, and secure traffic control. Ensure timely remediation and proper configuration of network-connected systems.
- Manage secure vendor connectivity.
- Oversee daily performance of security infrastructure including firewalls, SIEM, secure remote access, etc.
- Ensure systems are properly configured, monitored, and updated to maintain network integrity.
- Perform audits and tests of all security systems and work with security vendors to remediate alerts.
- Maintain inventory of security hardware/software and assist in lifecycle management, budgeting, and licensing compliance.
- Be a contributing member of various project teams with the possibility of multiple team projects overlapping. Manage your time and productivity to ensure projects stay on task in time, cost, and scope. Effectively work with project manager and stakeholders, maintaining communications.
- Support ongoing security hardening, DR/BCP exercises, testing of data/system recovery, and improvements to resilience.
- Treat all co-workers and members with respect.
- Support and participate in continuous improvement activities.
- Represent the Credit Union in a positive and professional manner.
- Other related duties as assigned.
- Maintain member and other sensitive information with confidentiality.

Qualifications
- Minimum 5 years experience in information security, network security, or systems administration with hands-on experience managing firewalls, IDS/IPS, SIEM, VPN, endpoint protection, and vulnerability management.
- Strong understanding of network security and protocols, traffic capturing and protocol analysis.
- Hands-on implementation, configuration, and management of security enterprise infrastructure.
- Physical work experience with enterprise class firewalls and IDS.
- Knowledge of information security governance.
- Excellent communications and interpersonal skills, and ability to work effectively with all organizational levels and auditing entities.
- Able to work on multiple projects/priorities in a deadline-driven environment and adapt quickly to change.
- A wide degree of creativity and latitude is expected.
- Foundational certifications such as CompTIA Security+, Network+, or equivalent knowledge gained through work experience are preferred for minimum qualification.

Requirements
- 3 years experience as a security administrator with exposure to financial services, banking, or credit-union environments.
- Experience administering enterprise platforms such as Fortigate firewalls, Darktrace, Arctic Wolf SIEM, Appgate VPN, Sophos, and Fortra DLP.
- Experience working with cloud or hybrid infrastructures (Azure, AWS, GCP) is strongly preferred.
- Experience with cloud security and virtualization technologies.
- Knowledge of UNIX/Linux operating systems.
- Ability to conduct research into a wide range of information security issues as required.
- Ability to absorb and retain information quickly.
- Ability to present ideas in user-friendly language to non-technical staff and end-users.
- Information Security certifications (CISSP, CEH, MCSE).

Education
- Bachelor of Science degree in computer science, MIS, or similar discipline or equivalent years of service.

Benefits
- Medical
- Dental
- Vision
- Life Insurance
- Flexible Spending Account
- 401(k) Matching
- Paid Time Off
- Training Provided
- Tuition Reimbursement

- Responsible for leading a team of security analysts to protect enterprise systems and PHI, ensuring compliance with HITRUST, HIPAA, SOC 2 and related regulatory frameworks while maturing detection, response, and governance capabilities.
- Handle day-to-day management of security operations and continuous compliance monitoring.
- Drive cybersecurity maturity with continuous improvement of controls.
- Continuously evaluate and manage the cyber and technology risk posture of the organization.
- Lead Marathon Health’s internal and outsourced security teams to execute on the roadmap defined by our CISO.
- Lead the security team response to security incidents and breaches.
- Manage the prospect, client and 3rd party security assessment fulfillment process.
- Identify and manage vulnerabilities.
- Maintain and continuously improve SOC2/HITRUST CSF certification; ensure security control ownership, evidence collection, and audit readiness are operationalized across all responsible domains.


