Please reference the schedule and minimum qualifications listed below before applying.
If you need assistance with filling out our application form or during any phase of the application, interview, or employment process, please notify our Human Resources Team at 801-366-6947 option 1 or email macurecruiting@macu.com and every reasonable effort will be made to accommodate your needs in a timely manner.
Job Summary
The Sr Cyber Risk Analyst position requires a risk professional with strong knowledge of risk management, cybersecurity and information technologies, and best practices. The Sr Cyber Risk Analyst is responsible for assisting in the design, implementation, monitoring, and governance of Mountain America Credit Union’s (MACU’s) information security framework. The Sr Cyber Risk Analyst assists in maintaining technology risk management programs to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are protected in the digital ecosystem in which we operate. Responsibilities also include second line reporting, monitoring, and assessment of the information systems security program (ISSP).
Job Description
LOCATION
Mountain America Center - Hybrid:
9800 S Monroe St
Sandy, UT 84070
SCHEDULE
Full Time
To be effective, an individual must be able to perform each job duty successfully.
- Develop testing strategies to assess the design and operating effectiveness of controls
- Create documentation and governance standards, procedures, flowcharts, guidelines, templates, roles and responsibilities definitions, and training material for 1st and 2nd line teams
- Innovate and improve processes and documentation, using artificial intelligence (AI) and other tools as appropriate
- Perform and document process and control walkthroughs and testing
- Review and provide feedback on team member control testing, risk assessments, procedures, standards, and reports to improve and maintain quality
- Assist in the management, monitoring, and continuous improvement of a risk-based comprehensive enterprise security program across all IT and cyber-security risk domains including cyber risk management and oversight, threat intelligence and collaboration, cybersecurity controls, external dependency management, cyber incident management, and resilience
- Lead risk assessments and testing across all IT and cyber-security risk domains to ensure that appropriate controls are in place and are effective, and report on findings
- Assist in developing project plans, roadmaps and status reporting for process walkthroughs, process documentation, risk assessments, control testing, standards and training documentation, and other activities as needed
- Assist in reporting on first line information security awareness training programs for all employees, contractors, and approved system users related to effectiveness according to risk appetite and tolerances
- Monitor and influence information security and IT projects and initiatives to ensure appropriate risk management and reporting
- Work with 1st line IT and IT Security teams to ensure information security programs are in compliance with relevant laws, regulations, and policies to minimize risk and audit findings
- Participate in and report on security incidents and events managed through the first line Incident Response Program to protect corporate and IT assets, including intellectual property, regulated data, and reputation
- Ensure organization's capability to analyze and mitigate security threats
- Ensure compliance with regulatory information security and privacy mandates, including providing compliance reports and findings
- Assist MACU business units in preparing for regulatory exams (e.g., NCUA, CFPB, etc.) and audits to improve the organization's risk posture
- Assist in managing Issues Management and Exception Management processes and reporting for information security and IT issues
- Review and provide quality control for critical IT and information security related KRIs / KPIs reporting and processes
- Perform critical IT risk assessments and testing for cloud-based and on-premises technologies and related business processes
- Train 1st line IT and Information Security teams on risk concepts
- Develop relationships throughout business, including IT, Information Security, Risk, and Compliance to influence decision makers
- Provide training in risk identification and risk mitigation strategies in the information security and technology domains
- Assist in build-out of Archer GRC information security solutions to improve efficiency and effectiveness of governance, risk, and control activities
- Work closely with the Enterprise Risk Management Team and the first-line Information Security and IT teams
- Partner with business stakeholders across the company to raise awareness of risk management concerns
- Balance the protection of information assets with the needs of the business and organizational priorities
- Perform other duties as assigned
KNOWLEDGE, SKILLS, and ABILITIES
The requirements listed are representative of the knowledge, skills, and/or abilities required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions.
Experience
- 5+ years of relevant experience in IT audit, information security and risk management (audit and professional services experience preferred)
- Working knowledge of cloud security, platforms, and services, including understanding of current security offerings from leading cloud service providers (e.g., AWS/Azure), and their applicability to securing a SaaS enterprise security environment
- Experience in the evaluation and implementation of industry standard enterprise-wide information security technologies and concepts, including but not limited to: Application Security, Cloud Security (AWS), Data Loss Prevention, Security Event Management, GRC Tools, Threat and Vulnerability Management and Identity and Access Management.
- Clear understanding of relevant information security governance, technical and security standards and regulations
- Familiarity with industry security standards and regulations including FFIEC guidelines, Gramm-Leach-Bliley Act (GLBA), NIST 800-171, NIST 800-53, NIST CSF 2.0, NIST 800-30, PCI-DSS, SOC 2, ISO 27001 and ISO 27018 as well as current data privacy regulations, including GDPR and regional standards.
- Knowledge of networking and network security
- Understanding of Secure SDLC and DevSecOps or security automation
- Ability to work under pressure across multiple stakeholders
- Excellent written and communication skills and ability to communicate across all levels of an organization
Education
- Bachelor’s degree in Information Security, Computer Science, Information Management, Business or related field. Master’s Degree in Business Administration, Computer Science or Information Systems preferred. Education must be from an accredited institution and will be verified.
Licenses, Certifications, Registrations
CISSP, CISM and/or CISA certification or equivalent preferred.
Computer/Office Equipment Skills
- Advanced skills with Microsoft Office Suite including Outlook, Word, PowerPoint, and Excel
- Understanding of network security products (firewalls, intrusion prevention/detection, 802.1x, TACACS, wireless security); antivirus/antimalware products; SIEM (security information and event management) tools; server, endpoint, network device, operating system, and database hardening best practices; and application layer firewalls
Language Skills
- Demonstrated ability to clearly express ideas, methodology, results and recommendations verbally, in writing and through insightful reports and graphic illustrations
- Demonstrated ability to document outcomes and present information in a manner appropriate for key stakeholders and all levels of the organization.
- An unpretentious and calm approach to problem solving paired with an unwavering bias to action.
Other Skills and Abilities
- Demonstrated experience in cybersecurity best practices, cybersecurity threats and risk mitigation and resolution with extensive working knowledge of large-scale IT environments that have a wide range of different technologies in a highly integrated technology landscape.
- Strong network of contacts within the IT security community and the ability to represent Mountain America Credit Union.
- Proven ability to work and implement in a fast-paced environment with multiple priorities which require strong project management and decision-making capabilities.
- Proven ability to strategically design and tactically implement Information security controls. This position will be a bridge builder capable of establishing relationships and trusted partnerships with IT and business colleagues, at all levels of the organization.
- Excellent at team building and motivating people. Skilled at accomplishing goals through others. Proficient at being a teacher, mentor and coach.
- Strong collaborative problem solving and customer service skills that demonstrate the ability to gather and analyze information and identify and resolve issues or improve processes in a timely manner.
PHYSICAL ABILITIES / WORKING CONDITIONS
Physical Demands
Ability to sit, talk and hear consistently
Ability to stand, walk, and use hands to handle or reach occasionally
Vision Requirements
Close vision (clear vision at 20 inches or less)
Distance vision (clear vision at 20 feet or more)
Weight Lifted or Force Exerted
Ability to lift up to 30 pounds occasionally
Environmental
There are no unusual environmental factors (such as a typical office)
Noise Environment
Moderate noise (business office with computers and printers, light traffic)
***This Job is not eligible to be performed in Colorado or Connecticut, either remotely or in-person.***
Mountain America Credit Union is an EEO/AA/ADA/Veterans employer.