Analyst, Security Program Strategy Controls Assurance

About The Position

Requirements

• Experience in control testing including experience in some of the three lines of defense (Audit, ERM, First Line areas).
• Experience in audit and information security risk assessments.
• Knowledge of applicable federal and state laws, rules, and regulations (i.e. FFIEC, NIST, ISO).
• Knowledge of NCUA, FFIEC, GLBA, NIST (including the Cyber Security Framework and 800 Series), ISO 27001/27002, SANS/CIS 20, PCI DSS, and other Information Security requirements and frameworks.
• Experience in working with all levels of staff, management, stakeholders, and third parties.
• Effective planning and organizational skills.
• Effective research, analytical and problem-solving skills.
• Strong verbal, written and interpersonal communication skills, including technical writing.
• Bachelor Degree in business, information systems or related field or equivalent work/military experience.
• CISSP, CISA, CCSP, CRISC or other Information Security certifications.
• Ability to present findings and conclusions clearly and concisely.
• Ability to build effective relationships through rapport, trust, diplomacy, and tact.
• Strong word processing and spreadsheet software skills.

Responsibilities

• Planning & Scoping of Asset Based Assessments including development of communications, risk & control matrices, scope documents, and other supporting information.
• Perform walk-throughs with business partners identifying actual versus expected controls.
• Create test strategies to test actual controls.
• Document all work performed to meet the IIA reperformance standard.
• Document issues and final reports.
• Present to leadership results of assessments.
• Any other duties as assigned to support the program.