Information Security Governance Risk & Compliance Analyst

Pennsylvania State Employees Credit Union - Harrisburg, PA

posted 4 months ago

Full-time - Entry Level
Harrisburg, PA
5,001-10,000 employees
Credit Intermediation and Related Activities

About the position

PSECU, a high-tech progressive financial institution with more than $8 billion in assets, is seeking an Information Security GRC Analyst I or II. The Information Security GRC Analyst I is responsible for assisting in analyzing and assessing the information security controls to protect the confidentiality, integrity, and availability of PSECU's information. The individual assists in ensuring network security access and implements and documents measures to safeguard the network against accidental or authorized modifications, destruction, or disclosure. The Information Security GRC Analyst II has a more advanced role, responsible for analyzing and assessing the information security controls to protect the confidentiality, integrity, and availability of PSECU's information. This individual ensures network and cloud security access and implements and documents measures to safeguard the network against accidental or authorized modifications, destruction, or disclosure. The position requires participation in various security-related activities, including ensuring that resource owners/users are aware of security policies and standards, responding to internal and external audit findings, and protecting the integrity, availability, and confidentiality of network resources and data. Analysts will review audit trails, system logs, and other monitoring data sources to identify incidents and assist in incident investigations. They will also perform due diligence activities to determine third-party adherence with IT compliance requirements prior to establishing business relationships. The role involves assisting in the development of security policies, standards, and procedures, and maintaining a systematic process for managing PSECU's information security risks. Analysts will participate throughout the system development life cycle and system acquisition and implementation initiatives, as well as conduct vulnerability assessments and generate report findings. The position is structured as a hybrid model, requiring a minimum of 40% onsite work, with a schedule of Monday to Friday from 9 am to 5 pm. PSECU offers a competitive salary, excellent benefits, and a great work environment, including medical and retirement programs, a generous leave package, and tuition reimbursement.

Responsibilities

  • Assist in ensuring that resource owners/users are aware of security policies and standards.
  • Research and respond to internal and external audit findings.
  • Assist in protecting the integrity, availability, and confidentiality of network resources and data.
  • Review audit trails, system logs, and other monitoring data sources to identify incidents and assist in incident investigations.
  • Review operation logs and event console activity to identify and determine the cause of security-related events.
  • Perform necessary due diligence activities to determine third-party adherence with IT compliance requirements prior to establishing a business relationship.
  • Assist in the development of security policies, standards, and procedures.
  • Assist in maintaining a systematic process for managing PSECU's information security risks.
  • Facilitate ITS business unit risk assessments.
  • Participate throughout the system development life cycle and system acquisition and implementation initiatives.
  • Participate in network, system, and application vulnerability assessments, generate report findings, and verify remediation activities.
  • Assist with periodic user appropriateness and high-risk privilege reviews with other departments.

Requirements

  • Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Assurance, or a related field.
  • Entry level to two years' experience in Cybersecurity, Information Security, Auditing, Risk Management, Information Assurance, and/or work supporting and maintaining a network or cloud environment for Level I.
  • Two - Four years' experience in Cybersecurity, Information Security, Auditing, Risk Management, Information Assurance, and/or work supporting and maintaining a network or cloud environment for Level II.
  • Certification in field of expertise is preferred, i.e., Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified Internal Auditor (CIA) for Level I; Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP) for Level II.

Nice-to-haves

  • Experience with security information and event management (SIEM) tools.
  • Knowledge of regulatory compliance frameworks such as NIST, ISO, or PCI-DSS.
  • Familiarity with cloud security practices and technologies.

Benefits

  • Competitive salary
  • Excellent medical and retirement programs
  • Generous leave package
  • Tuition reimbursement

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service