IT Security Analyst

About The Position

Requirements

• Working knowledge of Information Security governance, risk management, and compliance frameworks including FFIEC, NCUA, GLBA, NIST CSF, CIS Controls, and PCI-DSS.
• Understanding of Information Security policies, audit coordination, regulatory examinations, risk assessments, and remediation tracking processes.
• Familiarity with third-party/vendor risk management, security awareness training, business continuity, and incident response coordination.
• Familiarity with governance, reporting, and workflow management tools such as Microsoft Office, ServiceNow, Tandem, or similar business applications.
• A sighted person to read and interpret data.
• Ability to communicate verbally and in writing with staff and vendors.
• Ability to perform necessary computer-related input.
• Prolonged periods sitting at a desk and working on a computer.
• Ability to work flexible hours.
• Familiarity in using and managing SIEM tools, endpoint protection platforms, and cloud security technologies.
• Strong analytical and problem-solving skills to handle complex incidents.
• Excellent written and verbal communication skills for technical and non-technical audiences.
• Ability to prioritize tasks and manage time effectively in a fast-paced environment.
• Ability to perform detailed analyses of security incidents and recommend appropriate solutions.
• Interpersonal skills to collaborate with technical and non-technical teams effectively.
• Ability to produce high-quality, accurate work under pressure.
• Capacity to stay ahead of rapidly evolving cybersecurity trends.
• Ability to use various IT security tools and devices in a dynamic environment.
• Four year college level of language, math, and reasoning skills or person is currently pursuing a degree in computer security or a related field.
• 2+ years’ relevant experience in IT.
• Perform primarily sedentary work with limited physical exertion and occasional lifting of up to 5 lbs.
• Must be capable of climbing/descending stairs in emergency situation.
• Must be able to operate routine office equipment including telephone, copier, facsimile, and calculator.
• Must be able to routinely perform work on computer for an average of 6-8 hours per day.
• Must be able to work extended hours whenever required or requested by management.
• Must by capable of regular, reliable and timely attendance.
• Must be able to routinely perform work indoors in climate-controlled shared work area with moderate noise.
• Must be able to perform job functions with supervision and work effectively either on own or as part of a team.
• Must be able to read and carry out various instructions and follow oral instructions.
• Must be able to speak clearly and deliver information in a logical and understandable sequence.
• Must be able to perform basic mathematical calculations with extreme accuracy.
• Must be capable of dealing calmly and professionally with numerous different personalities from diverse cultures at various levels within and outside of the organization and demonstrate highest levels of customer service and discretion when dealing with the public.
• Must be able to perform responsibilities with composure under the stress of deadlines/requirements for extreme accuracy and quality and/or fast pace.
• Must be able to effectively handle multiple, simultaneous, and changing priorities.
• Must be capable of exercising highest level of discretion on confidential matters.

Nice To Haves

• Preferred experience, enterprise risk management, red team/incident responder, or other relevant experience.
• Certifications preferred: None

Responsibilities

• Support the Credit Union’s Information Security Governance, Risk, and Compliance (GRC) program in alignment with FFIEC, NCUA, GLBA, NIST CSF, and CIS Controls.
• Assist with the development, review, maintenance, and administration of Information Security policies, standards, and procedures.
• Coordinate Information Security risk assessments, remediation tracking, exception management, and control validation activities.
• Support internal and external audits, regulatory examinations, and compliance reviews through evidence collection and documentation management.
• Prepare recurring security metrics, dashboards, reports, and board reporting materials.
• Support governance activities related to incident response, business continuity, disaster recovery, and change management.
• Assist with monitoring regulatory changes and assist with compliance impact assessments and remediation coordination.
• Support security awareness training initiatives, phishing campaigns, and training completion tracking.
• Maintain Information Security documentation, audit artifacts, governance records, and operational repositories.
• As directed by the IT Security manager, track audit findings, remediation activities, risk items, and security-related tasks to completion.
• Support administration of GRC platforms, workflow systems, and security request tracking processes.
• Coordinate with the IT Security Manager appropriate access review activities, documentation management, and security governance workflows.
• Maintain vendor management records, asset inventories, and security operational tracking documentation.
• Assist with incident response tabletop exercises, reporting coordination, and documentation updates.
• Support recurring operational reporting, committee materials, and executive reporting preparation.
• Participate in continuous improvement efforts for the Information Security Program.
• Collaborate with Information Technology, Compliance, Risk Management, Internal Audit, and business units on security initiatives.
• Support strategic Information Security projects and governance initiatives.
• Stay informed on evolving cybersecurity threats, regulatory requirements, and financial industry security practices.
• Attend professional development and security training as required.

Benefits

• Onboarding includes an orientation program with ongoing training to help staff further their career at BHFCU by building on their existing strengths.