The Senior Information Security Governance Analyst will serve as a subject matter expert and will be accountable, at an intermediate to advanced level, for Information Security asset and third party risk compliance and security controls. Controls include but are not limited to third party vendor risk assessments, vendor information security due diligence reviews, audit responses, information security training, IT asset risk assessments, access controls, data classification and remediation advisement.
This role will be part of the Security Governance Group, led by the Director of Information Security Governance under the direction of the CTO, with advisory services from the vCISO. The role will lead compliance and regulatory requirement efforts and develop solutions and processes that further the goals of the organization while ensuring the protection of our information. This role will work closely with Legal, Compliance, Enterprise Risk Management, HR, Physical Security, and IT teams to develop a comprehensive practice/controls program and will contribute artifacts to the Information Security Steering Committee.
Accountabilities and Responsibilities
- Leads third party and cloud-based security governance and compliance
- Assists in creating and monitoring information security policy, standards, controls and procedures
- Leads security education and awareness
- Leads review of information security incident outcomes to improve posture
- Assists the incident response team with response and action plans in the event of a data security threat or issue
- Supports Internal Audit with governance expertise
- Leads alignment of security operations to policies, standards, and procedures
- Contributes to, maintains and reports on Key Risk and Key Performance Indicators (KRI/KPI)
- Other duties as assigned
- Provides security governance and compliance expertise to inform the cyber risk operations control and response program
- Proactively identifies and develops solutions to data security issues by working with multiple teams
- Effectively communicates information security compliance to stakeholders
- Fosters strong relationships with IT leadership and process owners
- Works closely with outsourced SOC or other third parties in the identification, escalation, and resolution of all security related incidents
- Leads and contributes to outcomes for:
  - Vendor risk assessments and due diligence
  - IT asset risk assessments
  - Corporate delivery of information security training
  - Security posture improvements
  - Audit interface and remediation
  - Access controls
  - Data classification
Credentials, Experience and Skills
- Bachelor's degree in Computer Science, MIS or a related field of study, or any equivalent combination of relevant work experience and training
- 5 to 10 or more years of overall information security experience
- CISSP, CRISC, CIA, CISM or Security+ certification, or relevant experience
- Experience working with security and regulatory frameworks (GLBA, COBIT, NIST, ISO, etc.)
- Working experience in IT Risk Assessments
- Superior organizational skills and attention to detail
- Excellent interpersonal, writing and communication skills
- Ability to continually reprioritize and adapt to ambiguous situations
- Experience identifying and implementing creative process improvement solutions
- Knowledge of cloud security and cloud security controls
- Occasional travel
- Ability to be bonded is required
Established in 1934, today SEFCU (State Employees Federal Credit Union) is among the 50 largest credit unions in the U.S. with more than $3.5 billion in assets, 330,000 members, and 50 branches in the Capital Region, Binghamton, Syracuse, and Buffalo. SEFCU is committed to Changing Lives Every Day through the donation of time, talent, and treasure.