Information Security Governance Risk and Compliance Analyst Sr. - Hybrid

Lead the development and implementation of the InfoSec Governance, Risk & Compliance (GRC) programs. Lead the coordination of security compliance efforts, risk assessment and mitigation, third party risk management, and overall security policy governance.

• Lead the strategic design and execution of a comprehensive security risk and compliance program for the organization.

• Develop, review, communicate and maintain Information Security policies, standards and procedures that support security best practices. Serves as a subject matter expert for information security and compliance policies and procedures.

• Provide leadership and direction for the ongoing monitoring of the organization's security posture and identify potential risks, threats and vulnerabilities.

• Lead ongoing third-party due diligence, risk tracking and monitoring, and coordinate efforts to address security concerns or requirements.

• Lead interactions with external auditors to ensure compliance with industry regulatory requirements and standard.

• Perform regular risk assessments to address security threats, changes to systems and/or applications, process improvement initiatives, third-party provider assessments and other related business needs.

• Coordinate remediation efforts to mitigate internal/external information technology and security related audit findings.

• Maintain accurate reporting of mitigation and remediation activities to bring appropriate visibility to stakeholders and leadership.

• Prepare and present executive-level reports regarding the organization's security and compliance status.

• Lead and facilitate the enterprise security awareness program, including development of custom materials when needed.

• Develop reporting metrics, dashboards and evidence of risk management and compliance activities.

• Stay updated on the latest security trends, emerging threats and best practices to continuously improve the overall security posture.

• Provide leadership and mentoring for a team of GRC analysts.

• Carries out other responsibilities as assigned by their manager

Education

• Min/Preferred: Minimum 4 Year / Bachelors Degree - Bachelor’s degree in computer science, Information Systems, Information Security/Assurance or related field.
• Preferred Graduate Degree - Master's degree in computer science, Information Systems, Information Security/Assurance or related field.     
• Minimum Other - Professional certifications in Information Security, Risk Management and/or Compliance (such as CISA, CGEIT, CISM, CRISC, CISSP, CRISC etc.) preferred.

Experience

• Minimum Years of Experience: 8
• Preferred Years of Experience:  10
• Comments: Minimum of 8 years of relevant experience in Information Security Compliance, Technology Risk Management and/or Auditing

Knowledge, Skills & Ability

• Excellent knowledge of regulatory rules, standards and best practices that govern information security in the financial services industry, such as FFIEC/NCUA.
• Excellent knowledge and extensive experience with facilitating information security and risk management standards, practices, methods, frameworks including NIST, PCI, ISO 27001, FAIR, OCTAVE etc.
• Prior experience with developing security policies, standards, and controls definition across multiple security compliance frameworks
• Previous management consulting experience, preferred.
• Strong interpersonal skills and ability to effectively communicate, both written and verbally, with a broad range of stakeholders
• Excellent presentation, facilitation, executive reporting, and communication skills

Disclaimer

Logix Federal Credit Union is an equal opportunity employer that does not discriminate in employment opportunities or practices on the basis of race, religion, color, sex, sexual orientation, gender identity, national origin, protected veteran or disability status, or any other status protected by law.