Security GRC Analyst

Job Overview

The Security GRC Analyst role is to ensure the secure operation of the Credit Union's computer systems, servers, and network connections. The role will primarily be responsible for the assessment of technology risk, including third party risk, developing remediation plans, and tracking to completion, enforcement of the network security policy, and compliance with requirements and recommendations of security audits and assessments. The incumbent will also be expected to make suggestions for hardware, software and policy changes that will improve the security posture of the organization.

Responsibilities

• Assess technology risk across IT and the organization, collaborate to develop remediation plans, and track initiatives to completion. Perform control gap assessments, communicate and track findings, and initiate plans for remediation.
• Assess third party risk, work with the business unit and vendor to communicate risk and determine action plans, and track initiatives to completion.
• Act as a security resource for projects in support of the business throughout the year. Communicate with IT Security team to clearly identify all required technical tasks and time requirements for each project to assist with determining a realistic estimated completion date. Ensure that technology risk is identified for new products and that systems are implemented in the most secure manner possible.
• Participate in all internal and external audits, guaranteeing that all security related documentation and materials are accurate, current and readily available. Ensure prompt and thorough response to and remediation of all findings and recommendations.
• Participate in all internal and external security assessments, guaranteeing that all security related documentation and materials are accurate, current and readily available and that the proactive testing is non-intrusive to maintain daily business operations. Manage prompt and thorough response to and remediation of all findings and recommendations.
• Support and contribute to the organization's security programs and help ensure that the team appropriately follows all incident response procedures when needed.
• Participate in regular vulnerability assessments of the infrastructure and follow up on and respond to or implement the remediation actions for all findings and recommendations.
• Evaluate the security of the infrastructure and identify areas for improvement. Suggest action plans that will increase the security posture of the organization without limiting or hindering required functionality.
• Develop or review and regularly enhance system hardening procedures for all infrastructure equipment based on industry standards.
• Take an active role in managing vendor relationships and analyzing internal processes to reduce expenses and/or increase efficiencies in support of continuous improvement. Assist with research of expenses and preparation of annual budgets and ensure accuracy when processing any assigned invoices.
• Look for opportunities to work more proactively and less reactively with a goal of continuous improvement. Identify ways in which to better monitor and/or improve the security of all systems and applications in order to increase system and application stability and up-time.
• Create and maintain Information Security Policies as directed. Ensure that written procedures are documented for all assigned functions and remain current.
• Participate effectively and efficiently when assigned tasks in support of disaster recovery exercises.
• Continually work on developing a full understanding of the LAN/WAN and Infrastructure.
• Must keep professional skills up to date and consistent with current technology.
• Must be a high energy individual who can multi-task and work well in stressful situations.
• Must be technically oriented and have excellent analytical, organizational and communication skills.
• Perform additional duties as assigned.

Qualifications and Education Requirements

• Minimum of three years of IT Security or technology risk experience required; Banking experience preferred.
• Bachelor's Degree in related field required. Three years demonstrated technical experience may be substituted in lieu of degree.
• One or more industry certifications preferred, such as: CompTIA Security+, GIAC (Information Security Fundamentals), CISSP (Certified Information Systems Security Professional), CISA (Certified Information Security Auditor), CISM (Certified Information Security Manager), CCNA Security (Cisco Certified Network Associate Security), SSCP (Systems Security Certified Practitioner), MCSA (Microsoft Certified Systems Administrator) with specialization in Security. Certifications in security specialties may fulfill this requirement.
• Working knowledge of cyber security frameworks.
• Working knowledge of security protocols.
• Knowledge of IT systems, security measures and best practices required to protect corporate networks.
• Knowledge of system and network exploitation as well as common attack vectors and various types of malware.
• Knowledge of mobile device security strategies.
• Broad range of network, infrastructure and telecommunications knowledge.
• Knowledge of servers, software, networking equipment, and infrastructure elements.

Additional Skills/Notes:

• Excellent oral and written communication skills required.
• Analytical skills, such as process flow analysis and systems analysis required.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.