20% - Identify, document, and monitor technology risks present across both internal and external (vendor / cloud) environments
20% - Quantify inherent and residual IT risk levels to enhance analytics, inform prioritizations, and for use in management reporting
20% - Work with risk remediation owners to establish remediation plans with milestones and target dates, and monitor progress towards remediation, escalating as appropriate
20% - Execute technology risk management processes and provide input to support continuous improvement of process and program design
10% - Perform risk and controls assessments while aggregating reporting for Audit and/or Regulatory issues.
10% - Partner with relevant stakeholders to establish clear and consistent IT risk reporting, metrics, KRIs, and KPIs to inform decision making
Required Relevant Experience - 5 Years
Required Knowledge, Abilities and Skills:
Teamwork, collaboration, self-driven and effective communication skills - both written and verbal.
3+ years of IT Security and/or IT Risk Management experience working in a mid-to-large size company
Basic proficiency or ability to learn one or more of the following:
Risk and controls assessments
Documenting and maintaining IT Policies / Standards
IT Risk aggregation, reporting, KPI/KRIs
Issues management
Third party risk management
Working knowledge of various industry security standards and frameworks including: NIST, ISO 27001, ISF Standard of Good Practice (SoGP), etc.
Desired Knowledge, Abilities, Skills:
Knowledge of modern enterprise and security architectures, their challenges, common approaches to overcome their challenges, and their inherent security strengths and weaknesses.
Professional certifications such as: CISSP, CISA, CISM, GIAC, CGEIT, CRISC, OSCE, or other relevant industry certification
Experience working in a financial institution.
Experience working within a DevOps environment.
SECU provides equal employment opportunity to all qualified persons regardless of race, color, religion, age, sex, sexual orientation, gender identity, national origin, genetic information, disability, veteran status, or other classification protected by law.
Disclaimer
State Employees' Credit Union reserves the right to fill this role at a higher/lower level based on business need.
Additional Information
If you are motivated and believe in the credit union philosophy of "People Helping People," join our team!
The IT GRC Analyst 2 assesses, tests, documents, and monitors the SECU technology ecosystem to ensure the IT control environment effectively mitigates risks associated with an ever-changing threat landscape. The IT GRC Analyst will possess a wide range of technical and interpersonal skills to bridge the gap between technology organizations and the business. Must have a big-picture perspective, ability to execute end-to-end risk management processes, and ability to quickly establish trust and build productive relationships across multiple departments. The IT GRC Analyst will require expertise to perform technology risk assessments; provide input to and/or document IT policies, standards, and guidelines; develop, monitor, and track risk remediation plans; and aggregate and report key risk metrics to senior stakeholders.