Sign upLog in

Info Sec GRC Analyst III

Pennsylvania State Employees Credit Union

Harrisburg, PA

Apply
JOB DETAILS
SKILLS
Analysis Skills, Applications Security, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Cloud Computing, Computer Science, Computer Security, Consulting, Contract Negotiation, Control Objectives for Information and related Technology (COBIT), Documentation, Due Diligence, External Audit, ISACA (Information Systems Audit and Control Association), ISO (International Organization for Standardization), IT Requirements, ITIL (IT Infrastructure Library), Incident Management, Incident Response, Industry Standards, Information Science, Information Technology & Information Systems, Information/Data Security (InfoSec), Internal Audit, International Information Systems Security Certification Consortium (ISC)2, Internet Security, Maintain Compliance, Network Administration/Management, Network Security, Network Systems, Operational Audit, Privacy Controls, Problem Solving Skills, Regulations, Regulatory Compliance, Reporting Skills, Risk, Risk Analysis, Risk Management, Security Analysis, Security Attacks, Security Auditing, Security Information and Event Management (SIEM), Testing, U.S. National Institute of Standards and Technology (NIST), Vendor/Supplier Management
LOCATION
Harrisburg, PA
POSTED
30+ days ago

Members Achieve More isnt just a tagline for us, its part of everything we do! Were looking for passionate individuals to join our team to help us maintain that focus every day. Want to work somewhere thats remained strong for 90 years, that encourages you to learn, grow, and pursue your dreams? If yes, then read on...

The Information Security GRC Analyst III is responsible for analyzing and assessing the information security controls in an effort to protect the confidentiality, integrity, and availability of PSECU's information. The individual is responsible for ensuring network and cloud security access and for implementing and documenting measures to safeguard the network against accidental or authorized modifications, destruction, or disclosure.

Schedule: Monday - Friday 9:00am - 5:00pm

In this position, you will:

  • Monitor Compliance: Assist in protecting the integrity, availability and confidentiality of network resources and data.
  • Assist in the development and enforcement of security policies, standards, and procedures.
  • Participate in network, system, and application vulnerability assessments, generate report findings, and oversee remediation activities.
  • Participate in the monitoring and periodic testing of IT compliance controls to ensure ongoing adherence to PSECU policies, standards, and industry frameworks for both cloud and on-prem solutions.

Control and Risk Assessments:

  • Perform or coordinate control testing, assessments, and monitoring to ensure that Information Technology processes and controls are effective, functioning as designed, and managed to the appropriate level of risk.
  • Coordinate IT self-assessment compliance reviews based on regulatory, industry standards, and internal policy requirements.
  • Evaluate any related external frameworks or standards ((e.g., ITIL, COBIT, National Institute of Standards and Technology [NIST], ISO 27002, Center for Internet Security Critical Security Controls (SANS 20) etc.) or internal policies/standards (e.g., code of conduct, record retention, and acceptable use, etc.) to determine the relevant IT compliance requirements and controls.
  • Independently conduct risk assessments to identify gaps in the control structure.

Vendor Due Diligence:

  • Participate in the vendor management and due diligence process.
  • Consult with business units when negotiating and contracting third-party service provider arrangements to ensure associated information security risks are considered.
  • Perform necessary due diligence activities to determine third-party adherence with IT compliance requirements prior to establishing a business relationship.

Incident Response:

  • Participate in or conduct incident response investigations by using and understanding PSECU's Incident Management procedures.
  • Participate in the Incident Management Program in order to plan and respond effectively to a compromise of PSECU's IT infrastructure or to an unauthorized access and/or disclosure of sensitive company, member, or employee data.
  • Review SIEM, operational logs, and event console activity to identify and determine the cause of security related events.

Awareness Program:

  • Assist in developing Information Security and Privacy Awareness content employees, members.
  • Assist in socializing PSECU Policies and Standards to PSECU employees.

Internal Audit Coordination:

  • Collect evidence for internal and external audits.
  • Research and respond to internal and external audit findings.

Other duties as assigned.

Qualifications:

  • Bachelors: Computer and Information Science, Bachelors: Information Technology, Bachelors (Required)
  • Any equivalent combination of experience and education. | Required
  • Four - Six years of experience in CyberSecurity, Information Security, Auditing, Risk Management, Information Assurance, and/or work supporting and maintaining a network or cloud environment. | Required
  • Certified Information Security Manager (CISM) - ISACA (Information Systems Audit and Control Association), Certified Information System Auditor (CISA) - ISACA (Information Systems Audit and Control Association), Certified Information Systems Security Professional (CISSP) - ISC2

About the Company

P

Pennsylvania State Employees Credit Union