POSITION SUMMARY:
Responsible for executing the Information Security Program for Premier Members Credit Union (PMCU). This role will report to the AVP Information Security.
Will work closely with the Risk and Compliance departments in ensuring PMCU is meeting regulatory requirements and organizational risk tolerance. This position is part of the incident response team and annual security reporting. This position is also responsible for maintaining all operational tasks within the information security portfolio including security training, building and reviewing security policies and controls, conducting risk reviews of systems and compliance with information security best practices.
ESSENTIAL FUNCTIONS:
Governance
- Stay current with Financial Regulations such as FFIEC guidelines, NCUA requirements, and other compliance regulations.
- Familiar with Information Security Frameworks such as PCI DSS, NIST 800-53, FedRAMP, ISO 27001, CIS, MITRE ATT&CK, OWASP Top 10, etc.
- Build and integrate the security frameworks into the PMCU Information Security Program, ensuring organizational compliance.
- Develop, implement, and maintain policies, standards, and procedures to ensure alignment with PMCU security objectives and industry best practices.
- Design and conduct employee training on compliance, information security, and risk management topics with a focus on safeguarding PMCU assets, including member data.
Risk Management
- Perform risk assessments to identify and mitigate risks related to member data, application security, and security tools’ health checks.
- Analyze and document identified risks, providing actionable mitigation recommendations.
- Support the Information Security Incident Response Plan (ISIRP), Business Continuity and Disaster Recovery (BC/DR) plans, and assist tabletop exercises to ensure operational resilience.
Compliance
- Monitor and support compliance efforts related to regulations and frameworks such as NCUA, NIST, ISO, PCI DSS, CIS, MITRE ATT&CK, OWASP Top 10, and other relevant frameworks.
- Assist with internal and external audits and regulatory examinations, providing required evidence and ensuring timely remediation of findings.
- Conduct regular testing of controls in security policies to ensure effectiveness and alignment with regulatory requirements.
- Manage findings from audits, risk assessments, and control testing, documenting resolutions and tracking remediation progress.
- Participate in the exceptions management process, conducting documentation, risk acceptance, and periodic reviews of exceptions.
- Monitor phishing reports and InfoSec tickets submitted by employees, ensuring proper investigation, resolution, and follow-up.
Incident Management
- Participate in the cybersecurity incident response program by assisting with the identification, analysis, and resolution of incidents.
- Maintain incident documentation, prepare post-incident reports, and recommend preventive controls to avoid recurrence.
- Support periodic tabletop exercises to assess, document, and enhance the effectiveness of the incident response plan.
Collaboration & Reporting
- Collaborate with IT, compliance/risk management, and operational teams to align cybersecurity objectives with PMCU security goals.
- Provide regular reporting to leadership on the cybersecurity program status, compliance gaps, and risk trends specific to the credit union sector.
- Design, implement, and update InfoSec performance metrics and key performance indicators (KPIs) to measure the effectiveness of the security program and initiatives.
- Act as a resource for employees on GRC-related inquiries to promote a culture of compliance and security awareness.
REQUIRED EXPERIENCE:
- 3-5 years of experience in cybersecurity governance, risk management, compliance, or information security engineering roles, preferably within the financial services, banking or credit unions industry.
- Demonstrated experience in security controls testing, findings remediation, exceptions management, and information security performance metric monitoring.
Education/Certification:
- A bachelor’s degree in Information Security, Computer Science, Network, Cyber Security or relevant field is preferred.
- Advanced Degree/Certifications such as CISSP, CISM, CISA, CEH, and CCSP are preferred.
Other Skills/abilities:
- Ability to maintain a high level of confidentiality.
- Strong understanding of regulations and standards relevant to credit unions, including NCUA, SOC 2, NIST, ISO, PCI DSS, CIS, MITRE ATT&CK, OWASP Top 10, and other relevant frameworks.
- Proficiency in risk assessment methodologies, operational risk management, and incident management processes.
- Experience in monitoring phishing reports, managing InfoSec tickets, designing, launching and monitoring cybersecurity training tools and programs, and collaborating with cross-functional teams to resolve security incidents.
- Proficiency in data analytics tools, including coding (e.g., Python, SQL), Excel (e.g., pivot tables, VLOOKUP, macros) to identify anomalies and generate actionable insights.
- Ability to design, update, and analyze InfoSec performance metrics and KPIs, and present findings using PowerPoint.
- Exceptional organizational and communication skills, with the ability to translate complex issues into actionable insights for stakeholders.
- Flexible and capable of working independently, as part of a team, or cross-functionally to improve security performance, efficiency, and effectiveness.
- Passion for learning and solving problems.
- Experience with cybersecurity tools and GRC platforms is a plus.
WORKING CONDITIONS
- Standard office conditions.
- Low to moderate noise.
- Limited lifting up to 50 lbs.
This description has been reviewed to ensure that only essential functions and basic duties have been included. Peripheral tasks, only incidentally related to each position, have been excluded. Essential functions, requirements, skills, and abilities included have been determined to be the minimal standards required to successfully perform the positions. In no instance, however, should the duties, responsibilities, and requirements delineated be interpreted as all-inclusive. Additional functions and requirements may be assigned by supervisors as deemed appropriate.
In accordance with the Americans with Disabilities Act, it is possible that requirements may be modified to reasonably accommodate disabled individuals. However, no accommodations will be made which may pose serious health or safety risks to the employee or others or which impose undue hardships on the organization.
The Credit Union believes that each employee makes a significant contribution to our success. That contribution should not be limited by the assigned responsibilities. Therefore, this job description is designed to outline primary duties, qualifications, and job scope, but not limit the incumbent. It is our expectation that each employee will offer his/her services wherever and whenever necessary to ensure the success of our endeavors.
Job descriptions are not intended as and do not create employment contracts. The organization maintains its status as an at-will employer. Employees can be terminated for any reason not prohibited by law.
This Job Description is not a complete statement of all duties and responsibilities of this position and may change with or without notice.