IT Risk Analyst

Filer Credit Union
Manistee, United States of America
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Junior

Job location

Manistee, United States of America

Tech stack

Microsoft Windows
Access Network
Software Applications
Software System Penetration Testing
CompTIA Security+
Computer Security
System Configuration
Electronic Data Interchange (EDI)
Information Technology Audit
Microsoft Office
Systems Integration
Information Technology
Fortinet
User Administration
Vulnerability Analysis

Job description

Serves as a technical escalation point for the IT Support Specialist; provides guidance and knowledge sharing without direct supervisory authority.

Manages IT compliance activities including audit follow-up, required testing, and regulatory reporting. Leads technical evaluation, onboarding, and implementation of new vendor solutions from research through project completion. Conducts ongoing IT due diligence and periodic re-review of existing technology vendors. Provides IT perspective for vendor risk assessments in coordination with the accounting department and third-party audit services and works alongside the credit union's managed service provider (MSP) on infrastructure-related matters. Supports the Director of Innovation in examination preparation and provides secondary technical support for employee onboarding and system administration tasks., 1. New Vendor Technical Onboarding and Implementation

  • Evaluate technical compatibility of proposed vendor solutions with existing infrastructure and security requirements
  • Conduct research and development assessments for new technology solutions
  • Develop and manage implementation plans with clearly defined procedures, documentation, deadlines, and accountability
  • Coordinate technical onboarding requirements including network access, integrations, and data exchange
  • Lead implementation efforts for new vendor systems from kickoff through project completion, coordinating with the MSP, internal staff, and vendor project teams
  • Document technical configurations, integrations, and implementation decisions
  • Coordinate testing and validation of new systems prior to go-live
  1. IT Audit and Compliance Management
  • Track and coordinate remediation of IT audit findings, examination issues, and internal control gaps
  • Maintain audit tracking systems and provide status reporting to management
  • Prepare documentation and evidence for NCUA/DIFS examinations and external audits
  • Monitor compliance with IT policies, procedures, and regulatory requirements including GLBA and NCUA guidelines
  • Assist with IT policy review and updates as needed
  1. Required Testing and Assessments
  • Plan, coordinate, and document quarterly and annual IT testing requirements
  • Coordinate penetration testing, vulnerability assessments, and social engineering tests with third-party vendors
  • Conduct periodic user access reviews across core systems and applications
  • Track testing schedules and ensure timely completion of all required assessments
  • Participate in Business Continuity and Disaster Recovery testing coordinated by the MSP as needed
  1. Vendor IT Due Diligence and Risk
  • Provide IT perspective and technical input for vendor risk assessments in coordination with the accounting department and Third Party Audit Link
  • Perform initial IT due diligence on new vendors and hand off documentation to the accounting department upon onboarding
  • Conduct ongoing IT due diligence through periodic re-review of critical technology vendors on an established cycle, including review of updated SOC reports and security documentation
  • Assess whether critical vendors maintain their own vendor-management programs and identify significant fourth-party subcontractors they rely upon
  • Review available SOC reports or security attestations for significant fourth-party subcontractors where critical vendors depend on them
  • Stay aware of significant vendor security events, breach notifications, and material changes between scheduled reviews, escalating as needed
  1. Technical Support and Administration
  • Assist with employee IT onboarding including workstation setup, account provisioning, and access configuration
  • Support Microsoft 365 administration including user management, security configurations, and policy enforcement
  • Maintain a working understanding of the firewall and routing environment to coordinate effectively with the MSP, which administers those systems
  • Serve as a technical escalation point for the IT Support Specialist on complex issues
  • Provide backup technical support during peak periods or staff absences
  1. Reporting and Documentation
  • Prepare IT compliance reports for management and Board reporting
  • Maintain IT risk register and track risk mitigation activities
  • Document IT processes, procedures, and system configurations
  • Track and report on key IT metrics and compliance indicators
  1. Regulatory Compliance
  • Comply with Bank Secrecy Act, USA PATRIOT Act, and OFAC requirements as applicable
  • Complete assigned training on information security, compliance, and regulatory topics
  • Stay current on evolving regulatory requirements and industry best practices
  • Perform other duties as assigned

PERFORMANCE MEASUREMENTS

  1. Audit findings are tracked and remediated within established timeframes

  2. Required testing is completed on schedule with thorough documentation

  3. Vendor due diligence re-reviews are completed on the established cycle and kept current

  4. New vendor implementations are completed on time and within scope

  5. Compliance documentation is organized, accurate, and exam-ready

  6. Management reports are delivered timely with actionable information, This job description indicates the general nature and level of work expected. It is not designed to contain or be interpreted as a comprehensive listing of all activities, duties, or responsibilities required. Employees may be asked to perform other duties as needed. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.

Filer Credit Union is an Equal Opportunity Employer and maintains at-will employment., Job descriptions assist organizations in ensuring that the hiring process is fairly administered and that qualified employees are selected. They are also essential to an effective appraisal system and related promotion, transfer, layoff, and termination decisions. Well-constructed job descriptions are an integral part of any effective compensation system.

All descriptions have been reviewed to ensure that only essential functions and basic duties have been included. Peripheral tasks, only incidentally related to each position, have been excluded. Requirements, skills, and abilities included have been determined to be the minimal standards required to successfully perform the positions. In no instance, however, should the duties, responsibilities, and requirements delineated be interpreted as all-inclusive. Additional functions and requirements may be assigned by supervisors as deemed appropriate., Job descriptions are not intended as and do not create employment contracts. The organization maintains its status as an at-will employer. Employees can be terminated for any reason not prohibited by law.

Requirements

  • High school diploma or equivalent required
  • Associate or Bachelor's degree in Information Technology, Cybersecurity, Business, or related field preferred
  • Industry certifications such as CompTIA Security+, CISA, CCNA or Microsoft certifications a plus, * 3-5 years of experience in IT compliance, IT audit, systems administration, or related technical role
  • Experience in financial services or regulated industry strongly preferred
  • Experience with technology project implementation preferred

Required Knowledge and Skills

  • Understanding of IT audit processes, controls, and compliance frameworks
  • Proficiency with Microsoft 365 administration and security features
  • Familiarity with vendor due diligence and SOC report review
  • Familiarity with Fortinet/FortiGate environments helpful for MSP coordination
  • Knowledge of regulatory requirements applicable to financial institutions (GLBA, NCUA)
  • Strong project management and organizational skills
  • Strong analytical and problem-solving abilities
  • Excellent written and verbal communication skills
  • Ability to manage multiple priorities and work independently

PHYSICAL REQUIREMENTS

  • Ability to sit for extended periods while working at a computer
  • Ability to lift and carry equipment up to 25 pounds
  • Ability to travel between branch locations as needed
  • Normal visual acuity and hearing for reviewing documentation and communication, Education/Certification: High school graduate or equivalent.

Required Knowledge: Thorough knowledge of Credit Union products, services, and policies.

Understanding of regulatory requirements and compliance standards in credit union industry.

Experience Required: 1-3 years of lending experience

Skills/Abilities: Strong interpersonal and communication skills.

Well organized.

Able to operate related computer applications in Microsoft Suite

Strong attention to detail.

PHYSICAL ACTIVITIES AND REQUIREMENTS OF THIS POSITION

Repetitive Motion: Movements frequently and regularly required using the wrists, hands, and/or fingers.

Talking: Able to converse with team and board members confidently, adequately, and accurately.

Average Visual Abilities: Average, ordinary, visual acuity necessary to prepare or inspect documents or products or

operate machinery.

Average Hearing: Able to hear average or normal conversations and receive ordinary information.

Physical Strength: Able to sit/stand/walk as job requires.

Sedentary work; sitting most of the time. Lift up to 50lbs and exert up to 10lbs. of force

occasionally. (Almost all office jobs.)

MENTAL ACTIVITIES AND REQUIREMENTS OF THIS POSITION

Reasoning Ability: Ability to apply logical thinking to define problems, collect data, establish facts, and draw

conclusions.

Able to deal with multiple variables.

Mathematics Ability: Ability to perform basic math skills, use decimals to compute ratios and percents.

Language Ability: Ability to read and comprehend periodicals, journals, manuals, dictionaries, thesauruses, and

encyclopedias.

Ability to prepare business letters, proposals, summaries, and reports using prescribed format

and conforming to all rules of punctuation, grammar, diction, and style.

Benefits & conditions

Pulled from the full job description

  • Professional development assistance
  • Tuition reimbursement
  • 401(k)
  • Health insurance
  • Paid time off
  • Vision insurance
  • Health savings account, * 401(k)
  • Dental insurance
  • Employee assistance program
  • Flexible schedule
  • Health insurance
  • Health savings account
  • Life insurance
  • Paid time off
  • Professional development assistance
  • Tuition reimbursement
  • Vision insurance

Apply for this position