IT GRC Analyst II

If you are motivated and believe in the credit union philosophy of "People Helping People," join our team! The IT GRC Analyst 2 assess, tests, documents, and monitors the SECU technology ecosystem to ensure the IT control environment effectively mitigates risks associated with an everchanging threat landscape. The IT GRC Analyst will possess a wide range of technical and interpersonal skills to bridge the gap between technology organizations and the business. Must have a big-picture perspective, ability to execute end-to-end risk management processes, and ability to quickly establish trust and build productive relationships across multiple departments. The IT GRC Analyst will require expertise to perform technology risk assessments, provide input to and/or document IT policies, standards, and guidelines, develop, monitor, and track risk remediation plans, and aggregate and report key risk metrics to senior stakeholders.

Responsibilities:

20%

• Identify, document, and monitor technology risks present across both internal and external (vendor / cloud) environments 20%
• Quantify inherent and residual IT risk levels to enhance analytics, inform prioritizations, and for use in management reporting 20%
• Work with risk remediation owners to establish remediation plans with milestones and target dates, and monitor progress towards remediation, escalating as appropriate 20%
• Execute technology risk management processes and provide input to support continuous improvement of process and program design 10%
• Perform risk and controls assessments while aggregating reporting for Audit and/or Regulatory issues. 10%
• Partner with relevant stakeholders to establish clear and consistent IT risk reporting, metrics, KRIs, and KPIs to inform decision making Required Relevant Experience
• 5

Years Required Knowledge, Abilities and Skills:

• Teamwork, collaboration, self-driven and effective communication skills
• both written and verbal.
• 3+ years of IT Security and/or IT Risk Management experience working in a mid-to-large size company
• Basic proficiency or ability to learn one or more of the following:
• Risk and controls assessments
• Documenting and maintaining IT Policies / Standards
• IT Risk aggregation, reporting, KPI/KRIs
• Issues management
• Third party risk management
• Working knowledge of various industry security standards and frameworks including:

NIST, ISO 27001, ISF

Standard of Good Practice (SoGP), etc.

Desired Knowledge, Abilities, Skills:

• Knowledge of modern enterprise and security architectures, their challenges, common approaches to overcome their challenges, and their inherent security strengths and weaknesses.
• Professional certifications such as: CISSP, CISA, CISM, GIAC, CGEIT, CRISC, OSCE, or other relevant industry certification
• Experience working in a financial institution.
• Experience working within a DevOps environment.

SECU provides equal employment opportunity to all qualified persons regardless of race, color, religion, age, sex, sexual orientation, gender identity, national origin, genetic information, disability, veteran status, or other classification protected by law. Disclaimer State Employees' Credit Union reserves the right to fill this role at a higher/lower level based on business need. State Employees' Credit Union is a not-for-profit, member-owned financial cooperative with a "Do the Right Thing" mission and a goal of helping people in our community. SECU values the differences in our staff and in our North Carolina communities. We believe that embracing the uniqueness of individuals makes our cooperative stronger, more innovative and better able to serve SECU members.