SR Cybersecurity Risk, Compliance and Control Assurance Analyst

Patelco Credit Union is a not-for-profit credit union with a purpose to build financial health and wellbeing for our members. Since 1936, Patelco has grown from $500 in assets to over $9 billion in assets and is the 7th largest credit union in California with branches throughout Northern California.

We are here for our members throughout all their stages of life. Meeting them with the products and services to help them plan purposefully for their futures and to secure our life-long partnership as their trusted financial advocate. As one team, we are all committed to delivering service, empowering financial literacy, creating products, and providing new technology for our members.

We believe that work should be rewarding, challenging, and enjoyable. We’re dedicated to creating a positive and supportive culture where our team members can thrive. If you’re looking to use your skills and knowledge to make a difference in our members’ lives, Patelco could be the perfect fit for you.

The Senior Cybersecurity Control Assurance Analyst will be responsible for supporting and enhancing Patelco’s Security GRC program by identifying, assessing and managing risks while ensuring adherence to internal policies, industry standards and regulatory requirements. This role collaborates with business and technology teams to strengthen risk management practices, maintain security and compliance frameworks, and drive continuous improvement in Patelco’s overall security posture.

• Supports the development and on-going management of the Security Governance, Risk & Compliance program
• Lead independent testing of information security controls across key security domains, to validate design and operating effectiveness
• Develop and execute risk-based control testing plans, aligned to regulatory expectations (e.g. GLBA, NCUA, FFIEC) and internal control frameworks
• Challenge and validate 1LOD control evidence and assertions for completeness and accuracy
• Lead security and risk issue identification and lifecycle tracking, including root cause analysis, severity rating and validation of remediation actions
• Supports the development and on-going management of the Security Governance, Risk & Compliance program
• Develops and maintains security standards, process documentations and control objectives
• Matures and enhance the information security awareness and training program
• Performs Information Security, Information Technology and Third-Party risk assessments
• Maintains the risk and controls register and monitor risk treatment strategies and control effectiveness
• Monitor and escalate unresolved security issues, exposures, misuse, policy violations and other non-compliance situations to Security Leadership
• Provide continuous tracking and monitoring of Security Program metrics
• Work closely with First Line of Defense teams, to identify potential security weaknesses, define potential impact and develop effective mitigation strategies
• Collaborate with Internal Audit and Compliance teams for security and technology audit-related activities
• Contribute to the continuous improvement of the control assurance program, including testing methologies, standard operating procedures and automation opportunities.
• Monitor industry regulatory environment for impact on security programs and changes to security compliance standards
• Understand and comply with all applicable federal and state laws and banking regulations (including those related to OFAC and Bank Secrecy Act / Anti-Money Laundering compliance) and Patelco Credit Union's policies and procedures. 

• Bachelor’s degree in information technology or similar field of interest or equivalent work experience.
• Professional certifications in Information Security, Risk Management and/or Compliance is preferred - CISSP, CISA, CRISC, etc.
• Minimum of 10 years in Information Security with GRC as focus area.
• Minimum of 5 years with Third Party Risk Management
• Minimum of 5 years performing qualitative or quantitative IT/IS risk assessments
• Extensive experience with Information Security and Risk Management standards, practices, methods, frameworks including NIST, PCI, ISO 27001, ISO 27005, FAIR, OCTAVE, etc.
• General understanding of security risks and trends, security compliance assessments, and audits.
• Strong experience in developing information security documentation – standards, procedures and guidelines.
• Standing requirements - May need to stand for long periods of time.
• Sitting requirements - Prolonged periods of sitting at a desk and working on a computer
• Must have experience with GRC and other security tools/technologies to collect and retain security and risk information.
• Must be highly analytical with the ability to present your analysis
• Must have strong written, verbal and interpersonal communication skills
• Must have experience in performing risk assessments.
• Must have experience in tracking and reporting security program metrics.
• Experienced with SharePoint, Excel, Word and PowerPoint.
• Must be well organized to track activities and assignments.
• Must be self-driven with little direction to complete tasks. 

$150,212 / yearly 

Please note that the salary information is a general guideline only. Patelco Credit Union considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, education/training, key skills, internal peer equity, as well as market and business considerations when extending an offer. We offer a competitive total rewards package including a Short-Term Incentive (STI) program for all regular positions and a wide range of medical, dental, vision, financial, and other benefits.

Physical Health:

• Exceptional Medical, Dental, Vision, and Life Insurance benefits
• Onsite fitness center at HQ and rewards for completing wellness related activities 

Financial Health:

• Competitive compensation packages with bonus opportunity
• 401(k) with 3% Safe Harbor and 5% employer match
• Discounts on loan products
• Tuition reimbursement

Emotional Health:

• Employee Assistance Program (EAP)
• PTO for part-time and full-time positions
• Paid holidays

Personal Development:

• On-the-job training and skills development
• Internal transfer opportunities for career growth
• Volunteer work

Flexible work arrangements available for specific positions

Patelco Credit Union is an Equal Opportunity Employer including individuals with disabilities and protected veterans

IND123