Third-Party Risk & Senior InfoSec Analyst

OneAZ Credit UnionPhoenix, AZ
$84,149 - $105,186Onsite

About The Position

The Third-Party Risk & Senior Infosec Analyst supports the credit union’s vendor risk management, incident response coordination, and information security governance and oversight programs. This role is responsible for performing risk assessments of third-party vendors, supporting incident management activities, and providing administrative and operational support for the Information security governance and oversight program. The position works cross-functionally with Information Security, Risk Management, and IT.

Requirements

  • High School Diploma or GED Required
  • Bachelors Degree in Business, Information Security, Risk Management, or related field (or equivalent experience)
  • 3-5 years similar or related experience in one or more areas: Vendor/Third-Party Risk Management, Information Security or IT Risk, Incident Management or Incident Response
  • Understanding of vendor risk management and due diligence practices
  • Familiarity with SOC reports and basic control frameworks
  • Working knowledge of incident response lifecycle and documentation
  • Strong attention to detail and documentation discipline
  • Ability to manage multiple priorities and meet deadlines
  • Effective written and verbal communication skills
  • Demonstrated ability to independently manage operational security tasks and drive follow-through across stakeholders.
  • Strong written and verbal communication with consistent escalation and status reporting discipline.

Responsibilities

  • Perform risk-based due diligence and ongoing monitoring of third-party vendors
  • Review and analyze Security questionnaires
  • Review and analyze SOC 1 / SOC 2 reports
  • Review and analyze Business continuity and disaster recovery documentation
  • Document vendor risk assessments and identify control gaps
  • Drive remediation efforts and follow up with business owners and vendors
  • Maintain vendor risk inventory and supporting documentation
  • Assist in preparing reports for management and regulatory exams
  • Escalates overdue remediation items and unresolved control gaps.
  • Support coordination of incident response activities (cybersecurity, and security/operational incidents)
  • Track incidents from identification through resolution
  • Manage incident documentation, evidence tracking, and record maintenance
  • Assist in post-incident reviews, including root cause analysis and lessons learned
  • Support development and maintenance of incident response procedures and playbooks
  • Participate in incident response testing and tabletop exercises
  • Compile and maintain reporting on Vendor risk assessments and outstanding issues
  • Compile and maintain reporting on Incident trends and metrics
  • Coordinate with IT and compliance teams to ensure timely execution of security operational requirements.
  • Ensure documentation is complete, organized, and audit-ready
  • Identify and deliver security training programs to employees, promoting best practices and enhancing the organization’s security posture.
  • Review penetration testing and security. Perform ongoing analysis of security systems logs and intrusion detection tools/procedures.
  • Monitor changes in the security industry including new vulnerabilities, viruses, intrusions, fraud schemes, and best practices and tools available for system/network protection. Recommend appropriate technical changes to maintain designated security protection levels

Benefits

  • Generous paid time off: paid holidays, floating holidays, personal days, vacation days, plus sick time
  • Low-cost Medical, Dental & Vision plans
  • Paid childcare assistance
  • Award-winning 401K
  • Gym fee reimbursement
  • Tuition Reimbursement
  • Student loan repayment
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service