Sr. GRC Security Analyst – Alliant Credit Union
Start a rewarding career with Alliant
What will your day be like?
You will be responsible for supporting Alliant’s information technology and information security (IT / S) governance, risk management and compliance initiatives and projects. The incumbent will oversee the IT / S requirements and obligations of the business mandated by regulatory, legal and voluntary requirements.
The Senior GRC Security Analyst will support the requirements of three programs: 1) Governance: ensuring appropriate decision-making structures and processes, and managing the creation and maintenance of governance documents (e.g. policies, standards, procedures) for the information technology and security teams. 2) Risk management: identifying and analyzing risks and facilitating decision making and action on them, while ensuring alignment with ERM processes and the organizational risk appetite. 3) Compliance: identifying mandatory and voluntary organizational requirements, translating them into IT / S controls, facilitating the implementation of those requirements and performing regular control assurance exercises.
Do you see yourself doing this?
- Manage and execute projects to ensure control design is aligned with compliance / regulatory requirements, including improvement of existing compliance / regulatory processes and controls.
- Assist with and lead the execution of compliance programs around Privacy, FFIEC, NCUA, HIPAA, PCI, CIS, NIST CSF, SOC 1/2/3 and GLBA.
- Work closely with control owners and stakeholders to gather required documents and answer questions.
- Perform and lead compliance assessments and data security governance reviews for internal applications and products as well as service providers using established IT risk assessment frameworks and assessment programs.
- Prepare and present assessment results to cross-functional teams such as product, engineering, security, procurement, legal and compliance.
- Lead an operating tempo to report key metrics including status of assessments and issue management.
- Develop IT policies, standards and procedures and follow the process to have them reviewed, approved and published. Lead a training and awareness session to explain the requirements to others.
- Identify organizational and regulatory requirements and write the IT / S controls required to meet them.
- Participate in other security and audit compliance efforts.
- Communicate project status, compliance results and issues regularly to control owners, stakeholders and management.
- Interact with multiple cross-functional teams to educate, train and answer questions related to processes, policies, controls and risk mitigation.
- Consider and promote continuous improvement of respective processes, controls and compliance certifications.
- Stay up to date and use industry standards and best practices to improve overall security.
- Learn, understand, use and administer our GRC platform.
- Support the timely correction of regulatory and audit findings and recommendations.
- Support supplier due diligence to define third party risk management efforts.
- Identify the strengths and weaknesses of the security program with respect to privacy, security, business resiliency, and compliance frameworks.
- Maintain close monitoring of third parties, suppliers and business partners to guard against undue risks presented by external entities. Escalate to security management and business unit managers when weaknesses are discovered.
- Analyze results and document, recommend and report program deficiencies to security officials.
- Monitor current and proposed security changes impacting industry best practices in regulation, privacy and security.
What makes you a good fit?
You will be a good candidate if you hold a bachelor’s degree in computer science, information assurance, GIS or a related field (or have equivalent industry experience), and you have:
- More than 5 years of experience in GRC or cybersecurity as a practitioner, with at least 2 years of exposure to various security frameworks.
- Strong business acumen with a proven ability to align with security practices and compliance responsibilities.
- Experience and understanding of various regulatory requirements and laws including, but not limited to, FFIEC, NCUA, PCI, SOX, HIPAA, GDPR and GLBA. Additional experience in one or more of the following areas: ISO 27001/2, ITIL or NIST.
- Exceptional written and verbal communication skills and a proven ability to translate security and risk concepts across all levels of the business.
- Ability to understand legacy and progressive security technologies and controls as well as respective risks.
- Working knowledge of technologies such as cloud computing, DevOps, and application security is required.
- Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management and hardening guidelines.
- Experience acting with integrity, being curious, adaptable and communicating effectively.
- Preferred experience with cloud environments such as Amazon Web Services (AWS) and Microsoft Azure.
- Previous experience with major GRC systems from vendors such as RSA, MetricStream, IBM and TruOps.
- Demonstrated problem solving skills and ability to manage complex local and international security requirements.
- Motivated and well organized, with the vision to position the controls in anticipation of threats.
- Successful experience in managing external entity contracts and relationships and mitigating risks associated with business development opportunities.
- Knowledge of national, federal and international privacy laws.
- Hold, or be working towards, one or more of the following certifications in compliance, risk management or governance: CRISC, CISM, CGEIT or CISA.
When you are happy, we are happy!
To thank you for joining our team, you will benefit from:
- Competitive free medical, dental and vision benefits
- Competitive compensation plan
- Membership fees for gym memberships
- Generous paid time off and bank holidays