Senior Cyber and Technology Risk Analyst

About the role

Please reference the schedule and minimum qualifications listed below before applying. If you need assistance with filling out our application form or during any phase of the application, interview, or employment process, please notify our Human Resources Team at 801-366-6947 option 1 or email macurecruiting@macu.com and every reasonable effort will be made to accommodate your needs in a timely manner. Job Summary The Senior Cyber and Technology Risk Analyst serves as a member of the Cyber and Technology Risk Management team in our second line of defense. This role participates in the design and implementation and maturity of our cyber and technology risk management program. The Senior Cyber and Technology Risk Analyst provides subject-matter expertise, guidance and monitoring of the first line Cybersecurity and Technology control environment and teams to support effective management of cyber, technology, and data risk within the Credit Union's risk appetite. This role operates with established risk frameworks and governance structures and guidance from senior team leaders. Complex or enterprise level decisions remain subject to leadership review and approval. Job Description LOCATION Mountain America Center - Hybrid 9800 S Monroe St Sandy, UT 84070 SCHEDULE Full Time; this is a hybrid schedule with some weekly in office expectation, based on business need. To be effective, an individual must be able to perform each job duty successfully. Contribute to strategic direction and participate in the execution of roadmap to enhance MACU's cybersecurity and technology risk management capabilities. Help shape priorities, sequencing, and success measures for assigned program areas. Actively assist leadership in developing project plans, roadmaps and status reporting for risk assessments, control testing, standards and training documentation, and other risk management activities. Develop and implement testing approaches and strategies to assess the design and operating effectiveness of controls. Lead the design, conduct, and document tests of controls, process walkthroughs, and risk assessments to evaluate design and effectiveness. Intake, triage, analyze, and rate (inherent/residual) cybersecurity and technology risks in collaboration with subject matter experts and risk owners. Facilitate alignment and drive completion of risk treatment decisions. Coordinate and perform continuous monitoring of risk treatment activities. Assess risk and control gaps of IT systems, processes, and procedures. Ensure control gaps and other risk issues are documented and reported. Review remediation plans and provide feedback to ensure plans are sufficient to ensure sustainable remediation. Monitor remediation progress, identify blockers, and escalate concerns when risk reduction is not on track. Evaluate and provide guidance to first line of defense Cybersecurity and Technology teams related to their standards, processes, controls, and risk exceptions. Research, understand, and interpret regulations and frameworks that relate to cybersecurity, technology, privacy, and data. Stay aware of changes and educate key stakeholders regarding changes to existing and new regulations and recommended response considerations for MACU. Work closely with the risk owners and Legal, Risk Management, and Compliance teams to ensure compliance with applicable laws and regulations. Develop and maintain procedures and training related to risk frameworks, standards, and roles and responsibilities for first line Cybersecurity and Technology teams to ensure effective identification of risks, implementation of controls, monitoring of controls, and reporting on the control environment and any corresponding issues or risks. Improve adoption by translating expectations into actionable guidance and job aids. Actively identify and lead implementation of process improvements and efficiencies. Support regular and ad-hoc reporting on findings, metrics, and recommend mitigations to first and second line of defense leadership. This includes ad-hoc and scheduled meetings with leadership and risk owners. Coordinate and oversee third-party independent risks assessments as necessary to improve the IT risk program and control environment. Define scope, evaluate outputs, and ensure recommendations are actionable. Review and provide guidance and quality control for technology and security related Key Risk Indicators (KRIs). Improve the reliability, definition, and thresholds so KRIs drive decisions and action. Lead special projects and perform other duties as assigned. KNOWLEDGE, SKILLS, and ABILITIES The requirements listed are representative of the knowledge, skills, and/or abilities required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions. Education and Experience Bachelor's degree in Information Security, Computer Science, Information Management, Business or related field or equivalent combination