Information Security Analyst II

Meritrust | Broomfield, CO
41d | $78,068 - $97,585

About The Position

We recognize that in order to meet the needs of our communities, we must represent our communities. Our success relies on creating a culture where we have diverse perspectives and a true sense of belonging. This is a journey, and we pledge to do more than simply check the box.

When you join the Meritrust team, your benefits will include:

  • Comprehensive medical insurance plan
  • Dental and vision insurance
  • Generous paid-time-off
  • 12 paid holidays
  • Annual bonus (based off of annual results/scorecard each year)
  • 401(k) plan
  • Wellness program
  • Tuition assistance
  • Employee loan discount
  • Employee Assistance Program (EAP)
  • Life and disability coverage

What sets working for Meritrust apart?

  • Career development and pathing opportunities to move into leadership roles or other lines of business within MCU such as Commercial Lending, Finance, Marketing, Underwriting, Member Solutions, Training, Human Resources, and more.
  • Supportive and engaging work environment.
  • A wellness and sustainable work culture that puts family, Mother Nature, our community, and your health first.
  • A work environment that encourages personal as much as professional growth, teamwork to make the dream work, and treating everyone equally.

Studies have shown that individuals from marginalized and/or historically underrepresented groups may be less likely to apply for jobs unless they meet every one of the qualifications listed. We are most interested in finding the best candidate for the job. We would encourage you to apply for a job at Meritrust Credit Union, even if you don't meet every one of our qualifications listed.

This is a full-time position working 40 hours a week, Monday-Friday 8:00am - 5:00pm.

POSITION SUMMARY

Responsible for executing the Governance, Risk, and Compliance (GRC) program within the Information Security team for Meritrust Credit Union (MCU). This position reports to the AVP, Security Analysis. The analyst will work closely with the Risk and Compliance department to ensure MCU is meeting regulatory requirements and organizational risk tolerance. This position is responsible for maintaining all operational tasks within the information security portfolio, including security training, building and reviewing security policies and controls, and conducting risk reviews of systems and compliance with information security best practices.

Requirements

  • 3-5 years of experience in cybersecurity governance, risk management, compliance, or information security engineering roles, preferably within the financial services, banking or credit union industry.
  • Demonstrated experience in security controls testing, findings remediation, exceptions management, and information security performance metric monitoring.
  • A bachelor's degree in Information Security, Computer Science, Network, Cyber Security, or a relevant field is preferred.
  • Ability to maintain a high level of confidentiality.
  • Strong understanding of regulations and standards relevant to credit unions, including FFIEC, NCUA, SOC 2, NIST, ISO, PCI DSS, CIS, MITRE ATT&CK, OWASP Top 10, and other relevant frameworks.
  • Proficiency in risk assessment methodologies, operational risk management, and compliance management processes.
  • Experience in monitoring phishing reports, managing InfoSec tickets, designing, launching and monitoring cybersecurity training tools and programs, and collaborating with cross-functional teams to resolve security incidents.
  • Proficiency in data analytics tools, including coding (e.g., Python, SQL) and Excel (e.g., pivot tables, VLOOKUP, macros), to identify anomalies and generate actionable insights.
  • Ability to design, update, and analyze InfoSec performance metrics and KPIs, and present findings using PowerPoint.
  • Exceptional organizational and communication skills, with the ability to convert complex issues into actionable insights for stakeholders.
  • Flexible and capable of working independently, as part of a team, or cross-functionally to improve security performance, efficiency, and effectiveness.
  • Passion for learning and solving problems.

Nice To Haves

  • Advanced Degree/Certifications such as CISSP, CISM, CISA, CEH, and CCSP are preferred.
  • Experience with cybersecurity tools and GRC platforms is a plus.

Responsibilities

  • Stay current with Financial Regulations such as FFIEC guidelines, NCUA requirements, and other compliance regulations.
  • Familiar with Information Security Frameworks such as PCI DSS, NIST 800-53, FedRAMP, ISO 27001, CIS, MITRE ATT&CK, OWASP Top 10, etc.
  • Build and integrate the security frameworks into the MCU Information Security Program, ensuring organizational compliance.
  • Develop, implement, and maintain policies, standards, and procedures to ensure alignment with MCU security objectives and industry best practices.
  • Design and conduct employee training on compliance, information security, and risk management topics with a focus on safeguarding MCU assets, including member data.
  • Perform risk assessments to identify and mitigate risks related to member data, application security, and security tool health checks.
  • Analyze and document identified risks, providing actionable mitigation recommendations.
  • Support the Information Security Incident Response Plan (ISIRP) and Business Continuity and Disaster Recovery (BC/DR) plans, and assist with tabletop exercises to ensure operational resilience.
  • Monitor and support compliance efforts related to regulations and frameworks such as NCUA, NIST, ISO, PCI DSS, CIS, MITRE ATT&CK, OWASP Top 10, and other relevant frameworks.
  • Assist with internal and external audits and regulatory examinations, providing required evidence and ensuring timely remediation of findings.
  • Conduct regular testing of controls in security policies to ensure effectiveness and alignment with regulatory requirements.
  • Manage findings from audits, risk assessments, and security policy control testing, documenting resolutions and tracking remediation progress.
  • Participate in the exceptions management process, conducting documentation, risk acceptance, and periodic reviews of exceptions.
  • Monitor phishing reports and InfoSec tickets submitted by employees, ensuring proper investigation, resolution, and follow-up.
  • Collaborate with IT, compliance/risk management, and operational teams to align cybersecurity objectives with MCU security goals.
  • Provide regular reporting to leadership on the cybersecurity program status, compliance gaps, and risk trends specific to the credit union sector.
  • Design, implement, and update InfoSec performance metrics and key risk indicators (KRIs) to measure the maturity and effectiveness of the security program.
  • Act as a resource for employees on GRC-related inquiries to promote a culture of compliance and security awareness.

Benefits

  • Comprehensive medical insurance plan
  • Dental and vision insurance
  • Generous paid-time-off
  • 12 paid holidays
  • Annual bonus (based off of annual results/scorecard each year)
  • 401(k) plan
  • Wellness program
  • Tuition assistance
  • Employee loan discount
  • Employee Assistance Program (EAP)
  • Life and disability coverage

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Industry

Credit Intermediation and Related Activities

Number of Employees

51-100 employees
