
This job posting is no longer available


Information Security Analyst II (GRC)

Meritrust
  • US
    United States

About

Job Summary:
Meritrust Credit Union is committed to representing diverse communities and fostering a culture of belonging. The Information Security Analyst II (GRC) will execute the Governance, Risk, and Compliance program, ensuring regulatory compliance and managing operational tasks related to information security, including training and risk assessments.
Responsibilities:
  • Stay current with Financial Regulations such as FFIEC guidelines, NCUA requirements, and other compliance regulations.
  • Familiar with Information Security Frameworks such as PCI DSS, NIST 800-53, FedRAMP, ISO 27001, CIS, MITRE ATT&CK, OWASP Top 10, etc.
  • Build and integrate the security frameworks into the MCU Information Security Program, ensuring organizational compliance.
  • Develop, implement, and maintain policies, standards, and procedures to ensure alignment with MCU security objectives and industry best practices.
  • Design and conduct employee training on compliance, information security, and risk management topics with a focus on safeguarding MCU assets, including member data.
  • Perform risk assessments to identify and mitigate risks related to member data, application security, and security tool health checks.
  • Analyze and document identified risks, providing actionable mitigation recommendations.
  • Support the Information Security Incident Response Plan (ISIRP) and Business Continuity and Disaster Recovery (BC/DR) plans, and assist with tabletop exercises to ensure operational resilience.
  • Monitor and support compliance efforts related to regulations and frameworks such as NCUA, NIST, ISO, PCI DSS, CIS, MITRE ATT&CK, OWASP Top 10, and other relevant frameworks.
  • Assist with internal and external audits and regulatory examinations, providing required evidence and ensuring timely remediation of findings.
  • Conduct regular testing of controls in security policies to ensure effectiveness and alignment with regulatory requirements.
  • Manage findings from audits, risk assessments, and security policy control testing, documenting resolutions and tracking remediation progress.
  • Participate in the exceptions management process, conducting documentation, risk acceptance, and periodic reviews of exceptions.
  • Monitor phishing reports and InfoSec tickets submitted by employees, ensuring proper investigation, resolution, and follow-up.
  • Collaborate with IT, compliance/risk management, and operational teams to align cybersecurity objectives with MCU security goals.
  • Provide regular reporting to leadership on the cybersecurity program status, compliance gaps, and risk trends specific to the credit union sector.
  • Design, implement, and update InfoSec performance metrics and key risk indicators (KRIs) to measure the maturity and effectiveness of the security program.
  • Act as a resource for employees on GRC-related inquiries to promote a culture of compliance and security awareness.
Qualifications:
Required:
  • Responsible for executing the Governance, Risk, and Compliance (GRC) program within the Information Security team for Meritrust Credit Union (MCU).
  • Will work closely with the Risk and Compliance department in ensuring MCU is meeting regulatory requirements and organizational risk tolerance.
  • This position is responsible for maintaining all operational tasks within the information security portfolio, including security training, building and reviewing security policies and controls, and conducting risk reviews of systems and compliance with information security best practices.
  • Stay current with Financial Regulations such as FFIEC guidelines, NCUA requirements, and other compliance regulations.
  • Familiar with Information Security Frameworks such as PCI DSS, NIST 800-53, FedRAMP, ISO 27001, CIS, MITRE ATT&CK, OWASP Top 10, etc.
  • Build and integrate the security frameworks into the MCU Information Security Program, ensuring organizational compliance.
  • Develop, implement, and maintain policies, standards, and procedures to ensure alignment with MCU security objectives and industry best practices.
  • Design and conduct employee training on compliance, information security, and risk management topics with a focus on safeguarding MCU assets, including member data.
  • Perform risk assessments to identify and mitigate risks related to member data, application security, and security tool health checks.
  • Analyze and document identified risks, providing actionable mitigation recommendations.
  • Support the Information Security Incident Response Plan (ISIRP) and Business Continuity and Disaster Recovery (BC/DR) plans, and assist with tabletop exercises to ensure operational resilience.
  • Monitor and support compliance efforts related to regulations and frameworks such as NCUA, NIST, ISO, PCI DSS, CIS, MITRE ATT&CK, OWASP Top 10, and other relevant frameworks.
  • Assist with internal and external audits and regulatory examinations, providing required evidence and ensuring timely remediation of findings.
  • Conduct regular testing of controls in security policies to ensure effectiveness and alignment with regulatory requirements.
  • Manage findings from audits, risk assessments, and security policy control testing, documenting resolutions and tracking remediation progress.
  • Participate in the exceptions management process, conducting documentation, risk acceptance, and periodic reviews of exceptions.
  • Monitor phishing reports and InfoSec tickets submitted by employees, ensuring proper investigation, resolution, and follow-up.
  • Collaborate with IT, compliance/risk management, and operational teams to align cybersecurity objectives with MCU security goals.
  • Provide regular reporting to leadership on the cybersecurity program status, compliance gaps, and risk trends specific to the credit union sector.
  • Design, implement, and update InfoSec performance metrics and key risk indicators (KRIs) to measure the maturity and effectiveness of the security program.
  • Act as a resource for employees on GRC-related inquiries to promote a culture of compliance and security awareness.
Company:
Meritrust Credit Union offers loans, insurance, financial education, digital banking, and other services. Founded in 1935, the company is headquartered in Wichita, USA, with a team of 201-500 employees. The company is currently in the Growth Stage.

Language skills

  • English