Basic Purpose

This role is specifically designated as an Operational Risk Management (ORM) role for Issue Management. The Contractor Analyst will be experienced in risk management, issue management, risk and control self-assessments (RCSA), and have an understanding of security standards, and familiarity with risk and compliance (GRC) tool operations. The Analyst will understand how the ORM framework applies to the business and be able to articulate the need for issue management. The Contractor Analyst will be responsible for supporting the daily operations of issue management and partnering with groups across security, IT and business risk teams. A successful candidate will be required to research issues, support the business in ensuring issues are captured timely, ensure issues are correctly risk assessed and remediation plans are documented and align to the underlying root cause.

Responsibilities

  • Attend meetings with stakeholders within security, IT and across the credit union to assess and encourage the need for submitting issues impacting information security.
  • Aid in the development of remediation plans.
  • Facilitate root cause analysis
  • Assess the impact and likelihood of an issue and provide justification for the ratings
  • Leverage various communication channels to obtain required information.
  • Work within the Logic Manager (GRC) platform
  • Support metrics and reporting focused on issues and event processes.
  • Aid business partners in understanding the importance of issue management.
  • Keep current with Information Security best practices and industry trends, and communicate/apply these practices to policy improvements and compliance actions.
  • Perform other duties as assigned

Qualifications

  • Experience in the credit union/financial services industry with a focus on regulatory frameworks, information security assessments, and remediation activities
  • Experience managing issues from identification to remediation
  • IT Audit or first line IT or security risk experience a plus
  • Desired knowledge of NCUA, FFIEC, BSA/AML, NIST (including the Cyber Security Framework and 800 Series)
  • Effective planning and organizational skills
  • Effective research, analytical and problem solving skills
  • Strong verbal, written and interpersonal communication skills, including technical writing
  • Desired Bachelor Degree in business, information systems or related field or equivalent work/military experience
  • Ability to present findings and conclusions clearly and concisely
  • Experience in working with all levels of staff, management, stakeholders, and third parties
  • Ability to build effective relationships through rapport, trust, diplomacy, and tact
  • Strong word processing and spreadsheet software skills