Please reference the schedule and minimum qualifications listed below before applying.

If you need assistance with filling out our application form or during any phase of the application interview or employment process please notify our Human Resources Team at option 1 or email and every reasonable effort will be made to accommodate your needs in a timely manner.

Job Summary

Job Description

LOCATION

Mountain America Center - Hybrid

9800 S Monroe St
Sandy UT 84070

SCHEDULE

Full Time; this is a hybrid schedule with some weekly in office expectation based on business need.

To be effective an individual must be able to perform each job duty successfully.

• Contribute to strategic direction and participate in the execution of roadmap to enhance MACUs cybersecurity and technology risk management capabilities. Help shape priorities sequencing and success measures for assigned program areas.
• Actively assist leadership in developing project plans roadmaps and status reporting for risk assessments control testing standards and training documentation and other risk management activities.
• Develop and implement testing approaches and strategies to assess the design and operating effectiveness of controls. Lead the design conduct and document tests of controls process walkthroughs and risk assessments to evaluate design and effectiveness.
• Intake triage analyze and rate (inherent/residual) cybersecurity and technology risks in collaboration with subject matter experts and risk owners. Facilitate alignment and drive completion of risk treatment decisions. Coordinate and perform continuous monitoring of risk treatment activities.
• Assess risk and control gaps of IT systems processes and procedures. Ensure control gaps and other risk issues are documented and reported. Review remediation plans and provide feedback to ensure plans are sufficient to ensure sustainable remediation. Monitor remediation progress identify blockers and escalate concerns when risk reduction is not on track.
• Evaluate and provide guidance to first line of defense Cybersecurity and Technology teams related to their standards processes controls and risk exceptions.
• Research understand and interpret regulations and frameworks that relate to cybersecurity technology privacy and data. Stay aware of changes and educate key stakeholders regarding changes to existing and new regulations and recommended response considerations for MACU. Work closely with the risk owners and Legal Risk Management and Compliance teams to ensure compliance with applicable laws and regulations.
• Develop and maintain procedures and training related to risk frameworks standards and roles and responsibilities for first line Cybersecurity and Technology teams to ensure effective identification of risks implementation of controls monitoring of controls and reporting on the control environment and any corresponding issues or risks. Improve adoption by translating expectations into actionable guidance and job aids.
• Actively identify and lead implementation of process improvements and efficiencies.
• Support regular and ad-hoc reporting on findings metrics and recommend mitigations to first and second line of defense leadership. This includes ad-hoc and scheduled meetings with leadership and risk owners.
• Coordinate and oversee third-party independent risks assessments as necessary to improve the IT risk program and control environment. Define scope evaluate outputs and ensure recommendations are actionable.
• Review and provide guidance and quality control for technology and security related Key Risk Indicators (KRIs). Improve the reliability definition and thresholds so KRIs drive decisions and action.
• Lead special projects and perform other duties as assigned.

KNOWLEDGE SKILLS and ABILITIES

The requirements listed are representative of the knowledge skills and/or abilities required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions.

Education and Experience

• Bachelors degree in Information Security Computer Science Information Management Business or related field or equivalent combination of education and work experience. Advanced degree or equivalent work experience preferred.
• 5 years of similar or related experience in first or second-line of defense cybersecurity technology or data risk management and/or IT audit or related consulting or professional services.
• Experience in leading the evaluation of security and technology controls against cyber technology and privacy regulations standards and frameworks (e.g. FFIEC ISO 27001 NIST CSF NIST AI RMF COBIT SOC2 PCI ITIL DORA FAIR etc.).
• Experience leading the development and documentation of IT processes and controls.
• Experience with Archer or other GRC automation tools preferred.
• Experience working in banking financial services or other regulated environment preferred.
• Working knowledge of major regulatory/legal frameworks (US/international) driving requirements across technology organizations preferred.
• Working knowledge of risk/control issues in relation to evolving technology (e.g. blockchain AI/Machine Learning cloud quantum computing etc.) preferred.

Licenses Certifications Registrations

• Certification from recognized security technology or risk management body (e.g. CISSPCEH CISA/CISM CRISC GIAC FAIR etc.) is preferred.

Knowledge & Skills

• Advanced understanding of the purpose application and integration of enterprisewide cybersecurity and technology risk concepts. Demonstrated ability to analyze technology and security risk solutions independently scope and execute risk assessments and assess complex risk scenarios across domains such as vulnerability management resilience SDLC infrastructure cloud data governance and AI governance.
• Strong working knowledge and applied experience with cyber technology and privacy regulations standards and frameworks (e.g. FFIEC ISO 27001 NIST CSF NIST AI RMF COBIT SOC 2 PCI CCPA ITIL DORA FAIR). Applies subject-matter expertise to interpret regulatory intent assess applicability identify gaps and translate requirements into practical expectations for first line teams.
• Proven ability to independently manage and prioritize work in a fastpaced environment with competing demands. Demonstrates sound judgment when navigating ambiguity balancing risk regulatory expectations and business objectives and proactively identifying when to escalate or recalibrate priorities.
• Excellent written and verbal communication skills with demonstrated experience drafting and reviewing policies standards procedures control documentation and risk assessments. Ability to clearly articulate risk control gaps and recommendations to technical teams business partners and senior management in a concise actionable manner.
• Demonstrated initiative and continuous learning mindset with the ability to apply new knowledge emerging risks and evolving best practices to improve program maturity. Willingness to take on stretch assignments and lead problemsolving efforts for complex or novel risk topics relevant to MACU.
• Strong collaborative problemsolving and stakeholder engagement skills. Demonstrated ability to gather and synthesize information from diverse sources exercise independent judgment and support and drive resolution of issues through influence rather than authority while maintaining a strong customerservice orientation.
• Consistently strong contributor to team effectiveness and quality outcomes. Understands how individual work connects to broader enterprise risk objectives and strategic priorities. Provides informal mentorship peer review and knowledge sharing to elevate overall team capability and consistency.
• Proficient in Microsoft Office tools including Copilot with the ability to leverage technology to improve analysis documentation quality efficiency and reporting.

PHYSICAL ABILITIES / WORKING CONDITIONS

Physical Demands

Ability to sit talk and hear consistently

Vision Requirements

Close vision (clear vision at 20 inches or less)

Distance vision (clear vision at 20 feet or more)

Color vision (ability to identify and distinguish colors)

Weight Lifted or Force Exerted

Ability to lift up to 10 pounds frequently and up to 25 pounds occasionally

Environmental

There are no unusual environmental factors (such as a typical office)

Noise Environment

Moderate noise (business office with computers and printers light traffic)

***This Job is not eligible to be performed in Colorado or Connecticut either remotely or in-person.***

Mountain America Credit Union is an EEO/AA/ADA/Veterans employer.