Information Security Analyst II (GRC)

MERITRUST CREDIT UNIONBroomfield, CO
$78,068 - $97,585Onsite

About The Position

Responsible for executing the Governance, Risk, and Compliance (GRC) program within Information Security team for Meritrust Credit Union (MCU). This position reports to the AVP, Security Analysis. Will work closely with the Risk and Compliance department in ensuring MCU is meeting regulatory requirements and organizational risk tolerance. This position is responsible for maintaining all operational tasks within the information security portfolio including security training, building and reviewing security policies and controls, conducting risk reviews of systems and compliance with information security best practices.

Requirements

  • Associate’s or Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent experience.
  • Entry level security certifications such as CompTIA Security+, SSCP, or similar preferred or willingness to obtain.
  • Basic understanding of information security concepts, principles, and best practices.
  • Familiarity with security frameworks and standards such as PCI DSS, NIST, CIS, and OWASP.
  • Basic knowledge of Microsoft Windows desktop and server environments.
  • Introductory knowledge of Linux operating systems.
  • Fundamental understanding of networking concepts and protocols.
  • Awareness of common cybersecurity threats, vulnerabilities, and attack methods.
  • 0 to 2 years of experience in IT, cybersecurity, or a related technical role.
  • Experience supporting IT systems, help desk, infrastructure, or security operations preferred.
  • Exposure to regulated environments (financial services preferred) is a plus.
  • Learning Orientation: Willingness to learn and grow within the information security field.
  • Basic experience with security tools such as endpoint protection, vulnerability scanners, or log monitoring platforms preferred.
  • Ability to follow established procedures and document work accurately.
  • Strong analytical and troubleshooting skills.
  • Good written and verbal communication skills.
  • Strong customer service mindset and ability to work collaboratively with others.
  • Ability to manage multiple tasks and prioritize work effectively.

Nice To Haves

  • Entry level security certifications such as CompTIA Security+, SSCP, or similar preferred or willingness to obtain.
  • Experience supporting IT systems, help desk, infrastructure, or security operations preferred.
  • Exposure to regulated environments (financial services preferred) is a plus.
  • Basic experience with security tools such as endpoint protection, vulnerability scanners, or log monitoring platforms preferred.

Responsibilities

  • Stay current with Financial Regulations such as FFIEC guidelines, NCUA requirements, and other compliance regulations.
  • Familiar with Information Security Frameworks such as PCI DSS, NIST 800-53, FedRAMP, ISO 27001, CIS, MITRE ATT&CK, OWASP Top 10, etc., Build and integrate the security frameworks into the MCU Information Security Program, ensuring organizational compliance.
  • Develop, implement, and maintain policies, standards, and procedures to ensure alignment with MCU security objectives and industry best practices.
  • Design and conduct employee training on compliance, information security, and risk management topics with a focus on safeguarding MCU assets, including member data.
  • Perform risk assessments to identify and mitigate risks related to member data, application security, and security tool health checks.
  • Analyze and document identified risks, providing actionable mitigation recommendations.
  • Support the Information Security Incident Response Plan (ISIRP), Business Continuity and Disaster Recovery (BC/DR) plans and assist tabletop exercises to ensure operational resilience.
  • Monitor and support compliance efforts related to regulations and frameworks such as NCUA, NIST, ISO, PCI DSS, CIS, MITRE ATT&CK, OWASP Top 10, and other relevant frameworks.
  • Assist with internal and external audits and regulatory examinations, providing required evidence and ensuring timely remediation of findings.
  • Conduct regular testing of controls in security policies to ensure effectiveness and alignment with regulatory requirements.
  • Manage findings from audits, risk assessments, security policies control testing, documenting resolutions and tracking remediation progresses.
  • Participate in the exceptions management process, conducting documentation, risk acceptance, and periodic reviews of exceptions.
  • Monitor phishing reports and InfoSec tickets submitted by employees, ensuring proper investigation, resolution, and follow-up.
  • Collaborate with IT, compliance/risk management, and operational teams to align cybersecurity objectives with MCU security goals.
  • Provide regular reporting to leadership on the cybersecurity program status, compliance gaps, and risk trends specific to the credit union sector.
  • Design, implement, and update InfoSec performance metrics and key risk indicators (KRIs) to measure the maturity and effectiveness of the security program.
  • Act as a resource for employees on GRC-related inquiries to promote a culture of compliance and security awareness.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service