IS Compliance Analyst

WECU, Bellingham, WA
$34 - $48, Onsite

About The Position

WECU is seeking an Information Security (IS) Compliance Analyst to join our Information Security department located in Bellingham, WA. This role will provide regulatory expertise in all aspects of WECU’s compliance for all applicable regulations. This role is responsible for assisting the Manager of Information Security Compliance in creating, maintaining, and implementing the enterprise-wide Information Security program, policy, and procedure documentation. The IS Compliance Analyst is responsible for providing risk analysis reviews to the Manager of Information Security Compliance for all internal, external, and third-party hardware and software. The IS Compliance Analyst notes deficiencies discovered in risk analysis and makes corrective recommendations to the Manager of Information Security Compliance. The IS Compliance Analyst acts as a liaison to other internal groups in the implementation of regulatory controls and provides the Manager of Information Security Compliance with regulatory assistance in both internal and external audits.

Requirements

  • Bachelor's degree from four-year college or university in Computer Science or Computer Security or equivalent combination of education and/or experience related to the discipline.
  • Ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, ISA, or COBIT.
  • Excellent skills in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology.
  • Ability to understand enterprise business computing operations/requirements.
  • Knowledge of forensics, incident analysis, and incident response management.
  • Ability to stand firm on issues yet be flexible and creative to find effective solutions.
  • Ability to organize, create, and deliver technical proposals and presentations to peers and management.
  • Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to keep WECU in compliance and reduce legal liabilities.
  • Ability to respond effectively to highly sensitive inquiries or complaints.
  • Ability to effectively give persuasive speeches and presentations on controversial or complex topics to various audiences.
  • Ability to read and interpret complex documents and summarize findings.
  • Ability to write complex reports, regulatory documents, policies and correspondence.

Nice To Haves

  • Three years related experience.
  • CISSP, CISA, or CRISC certifications are a plus.
  • Financial services experience is a plus.
  • Project Management knowledge and experience a strong plus.

Responsibilities

  • Work with Manager of Information Security Compliance to provide subject matter expertise in the creation, implementation, and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with all applicable regulations including, but not limited to, 12 CFR Part 748, GLBA, and others.
  • Update and maintain WECU’s written Information Security policies, procedures, and risk management guidelines.
  • Perform vendor due diligence reviews on new or existing vendors to evaluate Information Security risk to WECU.
  • Process and respond to potential and actual cyber security incidents, or alerts issued through the US-CERT, FS-ISAC, or CISA as applicable to enterprise systems and operations.
  • Work with the Manager of Information Security Compliance to establish, maintain, and institutionalize security incident response procedures to ensure that security events are thoroughly investigated, documented, and reported; that damage is minimized, that risks are mitigated, and that remedial actions are taken to prevent recurrence.
  • Assist in staff training on Information Security Incident Response processes.
  • Act as a liaison with other internal groups in the implementation of regulatory compliance solutions.
  • Work with the Manager of Information Security Compliance to assure executive management's awareness of legal and regulatory changes that might impact information security and privacy policies and practices.
  • Work with the Manager of Information Security Compliance to prepare reports on the status and effectiveness of the information security program.
  • Work with the Information Security Team to coordinate, conduct, and review data security requirements, specifications, risk assessments, and, if applicable, third-party risk assessments of any new or existing computer applications or services.
  • Work with the Manager of Information Security Compliance to verify that security requirements are identified, and that risk mitigation plans are developed and contractually agreed to prior to the purchase of information technology hardware, software, and systems development services for any new high impact computer applications or computer applications that receive, maintain, and/or share confidential data.
  • Review third-party attestation and audit reports and provide feedback to business leaders and risk owners.
  • Work with the Information Security Team to monitor and manage compliance of implemented enterprise information security controls.
  • Complete Information Security Control Assessments.
  • Other duties as assigned.

Benefits

  • medical, dental, and vision benefits with premiums for employee coverage paid in full
  • 401(k) retirement plan with an 8% annual contribution from WECU
  • bonus plan
  • two or more weeks of vacation
  • up to 11 paid holidays
  • paid life and disability insurance
  • annual wellness benefit
  • loan discounts
  • professional development