CGEIT - Certified in the Governance of Enterprise IT
SUMMARY: The Risk Management Department helps all OneAZ business units identify and manage risk. The team focuses on several key risk types, including conduct, credit, financial crimes, information security, interest rate, liquidity, market, model, operational, regulatory compliance, reputation, strategic, vendor and technology risk.
The Security Risk and Compliance Analyst, as part of the Independent Risk Management function, is responsible for governance, oversight, and credibly challenging information security risk exposures and risk management practices through monitoring, analyzing, and developing standards for remediating risk that arises from inadequate or failed processes, people, systems, or external events, while maintaining a balance between risk mitigation and operational efficiency. The primary functions are to assist with the day-to-day operation of the Business Continuity Management Program, Information Security Compliance Program and Third-Party Risk Management Program.
• Assist with the maintenance of policies, procedures and associated plans for disaster recovery administration, business continuity, information security compliance, and associated risk.
• Assist with aspects of actual recovery plan efforts, including initial emergency response, recovery procedures, and business resumption processes.
• Assist with business impact analyses maintenance and updates to the credit union’s critical functions.
• Assist with the development of disaster avoidance strategies, impact reduction strategies, and department-specific business continuity plans.
• Assist in coordination and support of business continuity and disaster recovery testing exercises and evaluations.
• Develop familiarity with applicable state and federal regulatory requirements, internal requirements and industry best practices related to information security management and business continuity.
• Develop and perform Information Security Risk Assessments.
• Track and report on the status of Information Security Management’s compliance with regulatory and internal requirements to leadership.
• Credibly challenge appropriateness, completeness, effectiveness, and sustainability of corrective actions taken to address situations defined as issues.
• Manage the Information Security aspect of Third-Party Due Diligence.
• Manage the development and communication of Information Security policies, procedures, processes, systems, and internal controls.
• Stay abreast of emerging technology trends, methodologies, and practices.
• Assist with day-to-day operations of other Security Risk and Compliance processes.
• Assist with special projects as required.
• Perform other duties as assigned.
Why join the OneAZ team?
Our culture is one-of-a-kind! You’ll be joining a team of friendly, hardworking, helpful associates with the same mission guiding all that we do: We exist to improve the lives of our members, our associates and the communities we serve.
We are proud to be an equal opportunity employer and value diversity. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
We offer robust benefits including low-cost medical, dental and vision plans, gym reimbursement, paid parental leave, generous personal days and vacation time, and an award-winning 401(k) program among many others. Take a look at our career page for detailed benefit information: www.oneazcu.com/about/careers
Candidates for this position will be required to sign an authorization for OneAZ to conduct a credit and criminal background check, pursuant to procedures in the Fair Credit Reporting Act and any other applicable laws.
All candidates will be considered for this position on an individualized basis, in compliance with all applicable equal employment opportunity laws.
Ensures compliance with applicable policies, laws, and regulations, including the Bank Secrecy Act (BSA), Anti-Money Laundering (AML) compliance, USA Patriot Act, and Office of Foreign Assets Control (OFAC).
Any individual who meets the definition of a mortgage loan originator and is employed by a federal agency-regulated institution will need to be registered on NMLS.
• 5+ years of experience in one or more of the disciplines above
• Experience with evaluating the processes, risks and design and effectiveness of controls associated with Information Security Management risk
• Experience developing comprehensive reports/presentations for senior management, stakeholders, and risk and management committees.
• Experience in the financial industry and technical or PCI certifications a plus
• Familiarity with risk management standards such as COBIT, ISO, PCI and NIST, business continuity management, or regulatory compliance
• Strong initiative and the ability to set and manage priorities and work successfully with minimal supervision. Must manage multiple tasks/projects while maintaining attention to detail.
• Excellent verbal, written, and interpersonal communication skills.
• Strong analytical skills with high attention to detail and accuracy
• Ability to interact with all levels of an organization.
• Ability to turn preliminary or ambiguous information, ideas, or problems into well-defined plans and solutions.
EDUCATION and/or EXPERIENCE
Bachelor's degree in Computer Science, Business Continuity, Emergency Management, Information Security Management, or related field, or the equivalent in education and work experience
Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certification in Control Self-Assessment (CCSA), Certified Information Security Professional (CISSP), or Certified Business Continuity (CBCP) desired
Internal Number: 1617
About OneAZ Credit Union
OneAZ is an associate-focused, member-centered Credit Union. With 22 branches, we serve members all over the valley. Our Human Resources Department is proud to provide top-notch support to all of our associates each and every day. OneAZ is truly a one-of-a-kind cultural experience because we value our associates!