GRC InfoSec Analyst

First Entertainment Credit Union

Job Location:

Hollywood, FL - USA

Hourly Salary: $ 32 - 42

Posted on: 6 days ago

Vacancies: 1 Vacancy

Job Summary

First Entertainment Credit Union is looking for a GRC Information Security (InfoSec) Analyst to supports the Credit Unions cybersecurity governance regulatory compliance and enterprise technology risk management programs. This position helps ensure the organization maintains a robust and exam-ready security posture that meets NCUA/FFIEC expectations GLBA requirements and industry best practices.

The GRC InfoSec Analyst collaborates with Technology Compliance Operations and Audit teams providing key insights regarding cybersecurity risk vendor security emerging threat trends and control effectiveness. The role also assists in embedding cyber governance processes across the enterprise driving secure innovation and maintaining member trust.

This is a full-time hybrid opportunity in our Los Angeles office and reporting to the VP ERM. The targeted pay in California is between $32 to $42 per hour.

Responsibilities

Assist with the development implementation and ongoing improvement of the Information Security Governance Program. Which include maintaining information security policies standards and procedures and coordinating annual reviews.
Map policies and processes to framework such as NIST CSF NIST 800-53 ISO 27001 and CIS controls.
Support the maintenance of security policies standards and frameworks aligned with NIST CSF NIST 800-53 CIS Controls and ISO 27001.
Collect and analyze cyber metrics KRIs/KPIs risk dashboards and board-level reporting data.
Prepare materials to help present cybersecurity posture risks and remediation strategies to the Board Supervisory Committee and Executive Leadership.
Lead the Business Impact Assessment and BCP and Disaster Recovery process.
Execute oversight for IT and applicable stakeholders.
Conduct information security risk assessments as per process aid in the risk evaluation of Application Infrastructure Cloud environments and Third-party vendors (evaluate SOC reports security certifications cyber security and penetration test reports.
Perform control testing and help coordinate audit responses and remediation
Help coordinate IT General Controls testing and Penetration Testing for First Ent.
Work daily alerts and patch management and software updates/releases
Track security incidents document root cause and monitor remediation actions
Board reporting on cyber health and Information security maturity
Contribute to continuous improvement initiatives for cyber maturity (ACET/CAT).
Performs other ERM/GRC duties in Operations Compliance and Vendor Management as directed.

At First Entertainment your role and every role are essential to our Mission We build lifelong financial relationships with the people in entertainment based on a deep understanding of how they live and work Core Values Members First Ownership Integrity Innovation Inclusivity One Team and we expect you to uphold them.

Requirements

Bachelors degree in Information Security Cybersecurity Computer Science Information Technology or a related field.
2 years of experience as an Analyst in information security GRC technology risk management or a related discipline within financial services or a highly regulated environment.
Strong understanding of information security frameworks including NIST CSF NIST 800-53 CIS Controls and ISO 27001.
Demonstrated experience supporting or managing regulatory compliance programs (NCUA FFIEC GLBA).
Excellent analytical problem-solving and organizational skills.
Strong written and verbal communication skills with the ability to present technical concepts to non-technical audiences.
Proficiency with risk management tools reporting dashboards and relevant cybersecurity technologies.
Professional certifications such as CISA CISM CRISC CISSP or similar preferred but not required.
Experience in vendor risk management third-party assessments or supply chain security a plus.
Familiarity with cyber maturity models such as ACET or CAT preferred.
Project management experience and/or relevant certifications (e.g. PMP CAPM) are a plus.
Demonstrated ability to drive process improvement and influence cross-functional teams.

First Entertainment Credit Union does not utilize artificial intelligence (AI) tools in any part of the hiring process. This includes reviewing applications analyzing resumes or evaluating candidate responses. All hiring decisions are made exclusively by our hiring teams in compliance with applicable employment laws and regulations to ensure fairness transparency and equal opportunity.

Required Experience:

First Entertainment Credit Union is looking for a GRC Information Security (InfoSec) Analyst to supports the Credit Unions cybersecurity governance regulatory compliance and enterprise technology risk management programs. This position helps ensure the organization maintains a robust and exam-ready ...

This is a full-time hybrid opportunity in our Los Angeles office and reporting to the VP ERM. The targeted pay in California is between $32 to $42 per hour.

Responsibilities

Assist with the development implementation and ongoing improvement of the Information Security Governance Program. Which include maintaining information security policies standards and procedures and coordinating annual reviews.
Map policies and processes to framework such as NIST CSF NIST 800-53 ISO 27001 and CIS controls.
Support the maintenance of security policies standards and frameworks aligned with NIST CSF NIST 800-53 CIS Controls and ISO 27001.
Collect and analyze cyber metrics KRIs/KPIs risk dashboards and board-level reporting data.
Prepare materials to help present cybersecurity posture risks and remediation strategies to the Board Supervisory Committee and Executive Leadership.
Lead the Business Impact Assessment and BCP and Disaster Recovery process.
Execute oversight for IT and applicable stakeholders.
Conduct information security risk assessments as per process aid in the risk evaluation of Application Infrastructure Cloud environments and Third-party vendors (evaluate SOC reports security certifications cyber security and penetration test reports.
Perform control testing and help coordinate audit responses and remediation
Help coordinate IT General Controls testing and Penetration Testing for First Ent.
Work daily alerts and patch management and software updates/releases
Track security incidents document root cause and monitor remediation actions
Board reporting on cyber health and Information security maturity
Contribute to continuous improvement initiatives for cyber maturity (ACET/CAT).
Performs other ERM/GRC duties in Operations Compliance and Vendor Management as directed.

Requirements

Bachelors degree in Information Security Cybersecurity Computer Science Information Technology or a related field.
2 years of experience as an Analyst in information security GRC technology risk management or a related discipline within financial services or a highly regulated environment.
Strong understanding of information security frameworks including NIST CSF NIST 800-53 CIS Controls and ISO 27001.
Demonstrated experience supporting or managing regulatory compliance programs (NCUA FFIEC GLBA).
Excellent analytical problem-solving and organizational skills.
Strong written and verbal communication skills with the ability to present technical concepts to non-technical audiences.
Proficiency with risk management tools reporting dashboards and relevant cybersecurity technologies.
Professional certifications such as CISA CISM CRISC CISSP or similar preferred but not required.
Experience in vendor risk management third-party assessments or supply chain security a plus.
Familiarity with cyber maturity models such as ACET or CAT preferred.
Project management experience and/or relevant certifications (e.g. PMP CAPM) are a plus.
Demonstrated ability to drive process improvement and influence cross-functional teams.