Information Security Analyst II

About The Position

Requirements

• 3-5 years of experience in cybersecurity governance, risk management, compliance, or information security engineering roles, preferably within the financial services, banking or credit union industry.
• Demonstrated experience in security controls testing, findings remediation, exceptions management, and information security performance metric monitoring.
• A bachelor's degree in information security, Computer Science, Network, Cyber Security or relevant field is preferred.
• Strong understanding of regulations and standards relevant to credit unions, including FFIEC, NCUA, SOC 2, NIST, ISO, PCI DSS, CIS, MITRE ATT&CK, OWASP Top 10, and other relevant frameworks.
• Proficiency in risk assessment methodologies, operational risk management, and compliance management processes.
• Experience in monitoring phishing reports, managing InfoSec tickets, designing, launching and monitoring cybersecurity training tools and programs, and collaborating with cross-functional teams to resolve security incidents.
• Proficiency in data analytics tools, including coding (e.g., Python, SQL), Excel (e.g., pivot tables, VLOOKUP, macros) to identify anomalies and generate actionable insights.
• Ability to design, update, and analyze InfoSec performance metrics and KPIs, and present findings using PowerPoint.
• Exceptional organizational and communication skills, with the ability to convert complex issues into actionable insights for stakeholders.
• Flexible and capable of working independently, as part of a team, or cross-functionally to improve security performance, efficiency, and effectiveness.
• Passion for learning and solving problems.
• Ability to maintain a high level of confidentiality.

Nice To Haves

• Advanced Degree/Certifications such as CISSP, CISM, CISA, CEH, and CCSP are preferred.
• Experience with cybersecurity tools and GRC platforms is a plus.

Responsibilities

• Stay current with Financial Regulations such as FFIEC guidelines, NCUA requirements, and other compliance regulations.
• Familiar with Information Security Frameworks such as PCI DSS, NIST 800-53, FedRAMP, ISO 27001, CIS, MITRE ATT&CK, OWASP Top 10, etc.,
• Build and integrate the security frameworks into the MCU Information Security Program, ensuring organizational compliance.
• Develop, implement, and maintain policies, standards, and procedures to ensure alignment with MCU security objectives and industry best practices.
• Design and conduct employee training on compliance, information security, and risk management topics with a focus on safeguarding MCU assets, including member data.
• Perform risk assessments to identify and mitigate risks related to member data, application security, and security tool health checks.
• Analyze and document identified risks, providing actionable mitigation recommendations.
• Support the Information Security Incident Response Plan (ISIRP), Business Continuity and Disaster Recovery (BC/DR) plans and assist tabletop exercises to ensure operational resilience.
• Monitor and support compliance efforts related to regulations and frameworks such as NCUA, NIST, ISO, PCI DSS, CIS, MITRE ATT&CK, OWASP Top 10, and other relevant frameworks.
• Assist with internal and external audits and regulatory examinations, providing required evidence and ensuring timely remediation of findings.
• Conduct regular testing of controls in security policies to ensure effectiveness and alignment with regulatory requirements.
• Manage findings from audits, risk assessments, security policies control testing, documenting resolutions and tracking remediation progresses.
• Participate in the exceptions management process, conducting documentation, risk acceptance, and periodic reviews of exceptions.
• Monitor phishing reports and InfoSec tickets submitted by employees, ensuring proper investigation, resolution, and follow-up.
• Collaborate with IT, compliance/risk management, and operational teams to align cybersecurity objectives with MCU security goals.
• Provide regular reporting to leadership on the cybersecurity program status, compliance gaps, and risk trends specific to the credit union sector.
• Design, implement, and update InfoSec performance metrics and key risk indicators (KRIs) to measure the maturity and effectiveness of the security program.
• Act as a resource for employees on GRC-related inquiries to promote a culture of compliance and security awareness.

Benefits

• Comprehensive medical insurance plan
• Dental and vision insurance
• Generous paid-time-off
• 12 paid holidays
• Annual bonus (based off of annual results/scorecard each year)
• 401(k) plan
• Wellness program
• Tuition assistance
• Employee loan discount
• Employee Assistance Program (EAP)
• Life and disability coverage