Information Security Governance

Harrisburg, Pennsylvania

PSECU
Members Achieve More isn't just a tagline for us, it's part of everything we do. We're looking for passionate individuals to join our team to help us maintain that focus every day. Want to work somewhere that's remained strong for 90 years, that encourages you to learn, grow, and pursue your dreams? If yes, then read on.

The Information Security GRC Analyst IV has demonstrated experience in providing leadership, coaching, and/or mentoring to a subordinate group. The role is responsible for leading and providing guidance when analyzing and assessing information security controls in order to protect the confidentiality, integrity, and availability of PSECU's information. The individual is responsible for leading the team, for ensuring network and cloud security access, and for implementing and documenting measures to safeguard the network against accidental or unauthorized modification, destruction, or disclosure. This individual will periodically attend meetings at the direction of, and on behalf of, the CISO. Schedule: Monday - Friday, 9:00am - 5:00pm.
This position will be a hybrid model, both in person and remote, with a minimum onsite expectation of 40% or as needed.

In this position, you will:
  • Proactively Monitor Compliance: Design controls and assist in protecting the integrity, availability, and confidentiality of network resources and data. Develop and enforce security policies, standards, and procedures. Participate in and lead network, system, and application vulnerability assessments, generate report findings, and oversee remediation activities. Develop and participate in the monitoring and periodic testing of IT compliance controls to ensure ongoing adherence to PSECU policies, standards, and industry frameworks for both cloud and on-prem solutions.
  • Control and Risk Assessments: Direct, perform, or coordinate control testing, assessments, and monitoring to ensure that Information Technology processes and controls are effective, functioning as designed, and managed to the appropriate level of risk. Develop and coordinate IT self-assessment compliance reviews based on regulatory, industry standard, and internal policy requirements. Evaluate any related external frameworks or standards (e.g., ITIL, COBIT, National Institute of Standards and Technology (NIST), ISO 27002, Center for Internet Security Critical Security Controls (SANS 20), etc.) or internal policies/standards (e.g., code of conduct, record retention, acceptable use, etc.) to determine the relevant IT compliance requirements and controls. Independently conduct risk assessments to identify gaps in the control structure.
  • Vendor Due Diligence: Participate in the vendor management and due diligence process. Consult with and provide guidance to business units when negotiating and contracting third-party service provider arrangements to ensure associated information security risks are considered and managed. Perform necessary due diligence activities to determine third-party adherence to IT compliance requirements prior to establishing a business relationship.
  • Incident Response: Conduct incident response investigations by using and understanding PSECU's Incident Management procedures. Participate in the Incident Management Program in order to plan and respond effectively to a compromise of PSECU's IT infrastructure or to unauthorized access to and/or disclosure of sensitive company, member, or employee data. Review SIEM, operational logs, and event console activity to identify and determine the cause of security-related events. Understand the configuration and use of a SIEM.
  • Awareness Program: Coordinate and oversee the Information Security and Privacy Awareness content for employees and members. Assist in socializing PSECU Policies and Standards to PSECU employees.
  • Internal Audit Coordination: Coordinate the collection and review of evidence for internal and external audits. Research and respond to internal and external audit findings.
  • Other duties as assigned.

Qualifications: Required & Preferred
  • Bachelor's: Computer Science
  • Certified Cloud Security Professional (CCSP) - The International Information System Security Certification Consortium (ISC2)
  • Certified Information Security Manager (CISM) - ISACA (Information Systems Audit and Control Association)
  • Certified Information Systems Security Professional (CISSP) - ISC2

Reasonable accommodation may be made to enable a qualified individual with a disability or disabilities to perform the essential duties and responsibilities of the job.

Physical Demands and Sensory Abilities:

Repetitive movement of hands and fingers (e.g. typing, writing).

Lifting and carrying containers weighing as much as 20-30 pounds (e.g. to/from building and vehicle to a storage area).

Sitting for long periods of time (e.g. at a desk, in meetings).

Ability to reach above, at, and below the waist.

Ability to reach above, at, and below shoulder level.

Occasional bending, kneeling, stooping and/or squatting.

Visual acuity.

Auditory acuity.

Date Posted: 28 March 2025