
GRC InfoSec Analyst
First Entertainment Credit Union
full-time
Location Type: Hybrid
Location: Hollywood • California • United States
Salary
💰 $32 - $42 per hour
About the role
- Assist with the development, implementation, and ongoing improvement of the Information Security Governance Program, which includes maintaining information security policies, standards and procedures and coordinating annual reviews.
- Map policies and processes to frameworks such as NIST CSF, NIST 800-53, ISO 27001 and CIS controls.
- Support the maintenance of security policies, standards, and frameworks aligned with NIST CSF, NIST 800-53, CIS Controls, and ISO 27001.
- Collect and analyze cyber metrics, KRIs/KPIs, risk dashboards, and board-level reporting data.
- Prepare materials to help present cybersecurity posture, risks, and remediation strategies to the Board, Supervisory Committee, and Executive Leadership.
- Lead the Business Impact Assessment and BCP and Disaster Recovery process.
- Execute oversight for IT and applicable stakeholders.
- Conduct information security risk assessments as per process; aid in the risk evaluation of Application, Infrastructure, Cloud environments and Third-party vendors (evaluate SOC reports, security certifications, cyber security and penetration test reports).
- Perform control testing and help coordinate audit responses and remediation.
- Help coordinate IT General Controls testing and Penetration Testing for First Ent.
- Work daily alerts and patch management and software updates/releases.
- Track security incidents, document root cause and monitor remediation actions.
- Board reporting on cyber health and Information security maturity.
- Contribute to continuous improvement initiatives for cyber maturity (ACET/CAT).
- Perform other ERM/GRC duties in Operations, Compliance and Vendor Management as directed.
Requirements
- Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Information Technology, or a related field.
- 2+ years of experience as an Analyst in information security, GRC, technology risk management, or a related discipline within financial services or a highly regulated environment.
- Strong understanding of information security frameworks, including NIST CSF, NIST 800-53, CIS Controls, and ISO 27001.
- Demonstrated experience supporting or managing regulatory compliance programs (NCUA, FFIEC, GLBA).
- Excellent analytical, problem-solving, and organizational skills.
- Strong written and verbal communication skills with the ability to present technical concepts to non-technical audiences.
- Proficiency with risk management tools, reporting dashboards, and relevant cybersecurity technologies.
- Professional certifications such as CISA, CISM, CRISC, CISSP, or similar preferred but not required.
- Experience in vendor risk management, third-party assessments, or supply chain security a plus.
- Familiarity with cyber maturity models such as ACET or CAT preferred.
- Project management experience and/or relevant certifications (e.g., PMP, CAPM) are a plus.
- Demonstrated ability to drive process improvement and influence cross-functional teams.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
information security governance, NIST CSF, NIST 800-53, ISO 27001, CIS controls, cyber metrics, risk assessments, control testing, patch management, vendor risk management
Soft Skills
analytical skills, problem-solving skills, organizational skills, written communication, verbal communication, presentation skills, process improvement, influence, collaboration, leadership
Certifications
CISA, CISM, CRISC, CISSP, PMP, CAPM