Who we are:
Founded in 1937, MSU Federal Credit Union is owned and operated by members of the Michigan State University and Oakland University communities. We offer financial services to MSU and OU faculty, staff, students, alumni association members, and their families as well as a variety of select employee groups.
A day in the life of an Information Security Compliance Analyst
The Information Security Compliance Analyst is responsible for monitoring, managing and closing existing compliance issues while also ensuring that internal systems are compliant with security standards. In carrying out these functions, the Information Security Compliance Analyst's responsibilities include the identification, evaluation and interpretation of regulatory and member security requirements, control deficiencies and information security risks.
Responsibilities
•Analyze managerial and technical controls to ensure that specific security and compliance requirements are met through the verification of documented processes, procedures, and standards.
•Map regulatory requirements across information security systems and strategies to identify and close gaps.
•Collaborate with Internal Audit and Risk Management teams to collect artifact deliverables during internal and external exams.
•Assist in evaluating any related external frameworks or standards (e.g., ITIL, COBIT, National Institute of Standards and Technology [NIST] IT Standards, ISO 27001/27002, Center for Internet Security Critical Security Controls (SANS 20) etc.) or internal policies/standards (e.g., code of conduct, record retention, and acceptable use, etc.) to determine the relevant IT compliance requirements and controls. Maintain up-to-date records of requirements and corresponding mitigating controls.
•Monitor third-party risk assessments and assist in performing internal risk assessments.
•Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.
•Monitor the change management process to ensure compliance.
•Develop key performance metrics to track and ensure compliance with established policies and standards.
•Support development of security processes and procedures and support service-level agreements to ensure that security controls are managed and maintained.
•Develop new and update existing information security policies, standards, guidelines and procedures based on industry best practices and regulatory requirements.
•Contribute to business continuity and disaster recovery efforts.
•Participate in the change management process to ensure compliance with various security frameworks or internal policies and procedures.
•Document compliance findings and risks as well as provide recommendations for remediation.
•Perform other job-related duties, as assigned.
What you can bring to MSUFCU:
•Bachelor's degree in Information Security, Compliance, or other Computer Science field desired.
•Knowledge and understanding of CIS, NIST and SOC-2 information security standards.
•Working knowledge of common IT security-related regulations and/or National Credit Union Association regulations highly desired.
•Five years of experience conducting security control assessments or audits is preferred.
•At least one industry certification (e.g. CISA, CISM, CRISC, CISSP, ISAAP) highly desired.
•Must have excellent written, verbal, and interpersonal communication skills along with the ability to present and explain information effectively for non-technically inclined individuals.
•In-depth understanding of computers, networks and the internet, including internet and network communication protocols, standards and Information Security, network security engineering, enterprise data networking, worldwide security threats, common exploits, etc. and their potential effect on the credit union's information technology and member data assets.
•Ability to read and understand complex computer system documentation.
•Knowledge of overall credit union operations.
•Ability to use good judgment to solve problems efficiently and accurately and handle complex details.
•Ability to work with a high degree of independence, yet also maintain professional and effective working relationships with team members, vendors, auditors and examiners.
•Multi-task orientation to handle a number of tasks at once while remaining flexible to changing requirements and priorities.
•Ability to meet deadlines in a timely manner and collaborate effectively in teams with all levels of the organization.
•Ability to maintain security documentation and manuals.
•Must have strong analytical and critical-thinking skills.
•High level of attention to detail; a self-starter with the ability to work independently, multi-task and adjust to shifting priorities.
•Maintain a current working knowledge of applicable privacy laws, and monitor advancements in information privacy and security technologies to ensure adaptation and compliance.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities