Job Description

Patelco Credit Union is a not-for-profit credit union with a purpose to build financial health and wellbeing for our members. Since 1936, Patelco has grown from $500 in assets to over $9 billion in assets and is the 7th largest credit union in California with branches throughout Northern California.

We are here for our members throughout all their stages of life. Meeting them with the products and services to help them plan purposefully for their futures and to secure our life-long partnership as their trusted financial advocate. As one team, we are all committed to delivering service, empowering financial literacy, creating products, and providing new technology for our members.

We believe that work should be rewarding, challenging, and enjoyable. Were dedicated to creating a positive and supportive culture where our team members can thrive. If youre looking to use your skills and knowledge to make a difference in our members lives, Patelco could be the perfect fit for you.

The Senior Analyst, Security Governance Risk & Compliance will be responsible for supporting and enhancing the Patelco Security GRC program by identifying, assessing and managing risks while ensuring adherence to internal policies, industry standards and regulatory requirements. This role collaborates with business and technology teams to strengthen risk management practices, maintain security and compliance frameworks, and drive continuous improvement in Patelcos overall security posture.

• Supports the development and on-going management of the Security Governance, Risk & Compliance program
• Develops and maintains security standards, process documentations and control objectives
• Develops and maintains security control mappings to relevant frameworks
• Matures and enhance the information security awareness and training program
• Performs and manages the Information Security, Information Technology and Third-Party risk assessments
• Develops and maintains the risk and controls register and monitor risk treatment strategies and control effectiveness
• Monitor and escalate unresolved security issues, exposures, misuse, policy violations and other non-compliance situations to Security Leadership
• Provide continuous tracking and monitoring of Security Program metrics
• Work closely with First Line of Defense teams, to identify potential security weaknesses, define potential impact and develop effective mitigation strategies
• Collaborate with Internal Audit and Compliance teams for security and technology audit-related activities
• Monitor industry regulatory environment for impact on security programs and changes to security compliance standards
• Performs other duties as may be assigned

Minimum Qualifications

• Bachelors degree in Information Technology or similar field of interest or equivalent work experience.
• Professional certifications in Information Security, Risk Management and/or Compliance is preferred - CISSP, CISA, CRISC, etc.
• Minimum of 10 years in Information Security with GRC as focus area.
• Minimum of 5 years with Third Party Risk Management
• Minimum of 5 years performing qualitative and quantitative IT/IS risk assessments
• Extensive experience with Information Security and Risk Management standards, practices, methods, frameworks including NIST, PCI, ISO 27001, ISO 27005, FAIR, OCTAVE, etc.
• General understanding of security risks and trends, security compliance assessments, and audits.
• Strong experience in developing information security documentation standards, procedures and guidelines

Physical Activities/Requirements

• Standing requirements - May need to stand for long periods of time.
• Sitting requirements - Prolonged periods of sitting at a desk and working on a computer.

$115,548-$144,435 per year

Please note that the salary information is a general guideline only. Patelco Credit Union considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, education/training, key skills, internal peer equity, as well as market and business considerations when extending an offer. We offer a competitive total rewards package including a wide range of medical, dental, vision, financial, and other benefits.

Physical Health:

• Exceptional Medical, Dental, Vision, and Life Insurance benefits
• Onsite fitness center at HQ and rewards for completing wellness related activities

Financial Health:

• Competitive compensation packages with bonus opportunity
• 401(k) with 3% Safe Harbor and 5% employer match
• Discounts on loan products
• Tuition reimbursement

Emotional Health:

• Employee Assistance Program (EAP)
• PTO for part-time and full-time positions
• Paid holidays

Personal Development:

• On-the-job training and skills development

• Internal transfer opportunities for career growth
• Volunteer work

Flexible work arrangements available for specific positions

Patelco Credit Union is an Equal Opportunity Employer including individuals with disabilities and protected veterans

IND123

Minimum Qualifications

• Bachelors degree in Information Technology or similar field of interest or equivalent work experience.
• Professional certifications in Information Security, Risk Management and/or Compliance is preferred - CISSP, CISA, CRISC, etc.
• Minimum of 10 years in Information Security with GRC as focus area.
• Minimum of 5 years with Third Party Risk Management
• Minimum of 5 years performing qualitative and quantitative IT/IS risk assessments
• Extensive experience with Information Security and Risk Management standards, practices, methods, frameworks including NIST, PCI, ISO 27001, ISO 27005, FAIR, OCTAVE, etc.
• General understanding of security risks and trends, security compliance assessments, and audits.
• Strong experience in developing information security documentation standards, procedures and guidelines

Physical Activities/Requirements

• Standing requirements - May need to stand for long periods of time.
• Sitting requirements - Prolonged periods of sitting at a desk and working on a computer.

• Supports the development and on-going management of the Security Governance, Risk & Compliance program
• Develops and maintains security standards, process documentations and control objectives
• Develops and maintains security control mappings to relevant frameworks
• Matures and enhance the information security awareness and training program
• Performs and manages the Information Security, Information Technology and Third-Party risk assessments
• Develops and maintains the risk and controls register and monitor risk treatment strategies and control effectiveness
• Monitor and escalate unresolved security issues, exposures, misuse, policy violations and other non-compliance situations to Security Leadership
• Provide continuous tracking and monitoring of Security Program metrics
• Work closely with First Line of Defense teams, to identify potential security weaknesses, define potential impact and develop effective mitigation strategies
• Collaborate with Internal Audit and Compliance teams for security and technology audit-related activities
• Monitor industry regulatory environment for impact on security programs and changes to security compliance standards
• Performs other duties as may be assigned

Job Tags

Similar Jobs