Analyst-Risk, AACU Information Security

Are you ready to explore a world of possibilities, both at work and duringyour time off? Join our American Airlines family, and you'll travel the world, grow your expertise and become the best version of you. As you embark on a new journey, you'll tackle challenges with flexibility and grace, learning new skills and advancing your career while having the time of your life. Feel free to enrich both your personal and work life and hop on board

This job is within the American Airlines Credit Union. The role is responsible for providing operational support for the Credit Union's Information Security Department and overseeing the governance and compliance aspects of the Patch and Vulnerability Management (PVM) program. This role also involves tracking, reporting, evaluating, and escalating the status of the PVM program, facilitating governance and steering committees, and prioritizing patch risks over time to ensure the organization's security posture remains robust and compliant with industry standards.

• Develop and maintain dashboards and reports to provide visibility into the PVM program's effectiveness and areas for improvement.
• Facilitate governance and steering committee meetings related to vulnerability management, ensuring alignment with organizational objectives and regulatory requirements
• Track aging vulnerabilities and coordinate with relevant teams to ensure timely remediation, escalating issues as necessary
• Assist in developing and enforcing policies, standards, and procedures related to patch and vulnerability management
• Assist in risk-ranking vulnerabilities and prioritizing level of urgency appropriately
• Stay informed about emerging threats, vulnerabilities, and regulatory changes that may impact the organization's security posture
• Support audits and assessments by providing necessary documentation and evidence of compliance with security frameworks such as PCI, NCUA, FFIEC, and others
• Audit and monitor production system logs for unauthorized transactions and intrusions
• Assist in performing security risk assessments and disaster recovery/business continuity planning
• Provide analysis and recommendations for information security configuration to IT Project Managers
• Perform administrative functions to complete required tasks including recording issues into tracking system, checking voicemail/email, and documenting processes and issues
• Promote security awareness programs within the company (i.e. phishing and employee engagement in the program)
• Provide detailed verbal and written communication to management and peers
• Ensure optimal use of vulnerability detection, anti-virus, malware, protection, and anomaly reporting software
• Collaborate and maintain relationships with various departments across the organization
• Work tickets in the servicing queue, routing them to the appropriate team for follow-up if necessary
• Perform other duties, as assigned
• The selected candidate will be responsible for ensuring the security and confidentiality of all