Third-Party Risk & Senior InfoSec Analyst
OneAZ Credit Union · Phoenix, AZ · 1 wk ago
Sales$84k–$105k/yrFull-time
Who You Are
You’re impactful, compassionate, and fearless, ready to embrace new challenges and shape the future of financial well-being. You take accountability for our success and thrive in an environment where curiosity is celebrated. If this sounds like you, let’s build something great together.
What You’ll Do
- Perform risk-based due diligence and ongoing monitoring of third-party vendors
- Review and analyze Security questionnaires
- Review and analyze SOC 1 / SOC 2 reports
- Review and analyze Business continuity and disaster recovery documentation
- Document vendor risk assessments and identify control gaps
- Drive remediation efforts and follow up with business owners and vendors
- Maintain vendor risk inventory and supporting documentation
- Aid in preparing reports for management and regulatory exams
- Escalate overdue remediation items and unresolved control gaps
- Support coordination of incident response activities (cybersecurity, and security/operational incidents)
- Track incidents from identification through resolution
- Manage incident documentation, evidence tracking, and record maintenance
- Aid in post-incident reviews, including root cause analysis and lessons learned
- Support development and maintenance of incident response procedures and playbooks
- Coordinate with IT and compliance teams to ensure timely execution of security operational requirements
- Ensure documentation is complete, organized, and audit-ready
- Identify and deliver security training programs to employees, promoting best practices and enhancing the organization’s security posture
- Review penetration testing and security. Perform ongoing analysis of security systems logs and intrusion detection tools/procedures
- Monitor changes in the security industry including new vulnerabilities, viruses, intrusions, fraud schemes, and best practices and tools available for system/network protection. Recommend appropriate technical changes to maintain designated security protection levels
What You Bring
- A High School Diploma or GED
- A Bachelor's Degree in Business, Information Security, Risk Management, or related field (or equivalent experience)
- 3-5 years similar or related experience in one or more areas: Vendor/Third-Party Risk Management, Information Security or IT Risk, Incident Management or Incident Response
- Understanding of vendor risk management and due diligence practices
- Familiarity with SOC reports and basic control frameworks
- Working knowledge of incident response lifecycle and documentation
- Strong attention to detail and documentation discipline
- Ability to manage multiple priorities and meet deadlines
- Effective written and verbal communication skills
- Demonstrated ability to independently manage operational security tasks and drive follow-through across stakeholders
- Strong written and verbal communication with consistent escalation and status reporting discipline
Compensation & Benefits
- Generous paid time off: paid holidays, floating holidays, personal days, vacation days, plus sick time
- Low-cost Medical, Dental & Vision plans
- Paid childcare assistance
- Award-winning 401K
- Gym fee reimbursement
- Tuition Reimbursement
- Student loan repayment
Additional Notes
- Knowingly submitting false information will result in disqualification for consideration of future positions, termination of employment and forfeiture of other rights.
- Candidates for this position will be required to sign an authorization for OneAZ to conduct a credit and criminal background check, pursuant to procedures in the Fair Credit Reporting Act and any other applicable laws.
- All candidates will be considered for this position on an individualized basis, in compliance with all applicable equal employment opportunity laws.
- Any individual who meets the definition of a mortgage loan originator (MLO) and is employed by a federal agency-regulated institution will need to be registered on the Nationwide Mortgage Licensing System (NMLS).
- Ensures compliance with applicable policies, laws, and regulations, including the Bank Secrecy Act (BSA), Anti-Money Laundering (AML) compliance, USA Patriot Act, and Office of Foreign Assets Control (OFAC).
Position Grades
Position grades could fluctuate based on market value.
Apply for this job
* indicates a required field