
IS Compliance Analyst

WECU
Posted 2 days ago, valid for 15 days
Location

Bellingham, WA 98228, US

Salary

$34.21 - $48.30 per hour

Contract type

Full Time

Retirement Plan
Life Insurance
Disability Insurance


Sonic Summary

  • WECU is hiring an Information Security Compliance Analyst for its Bellingham, WA office, requiring a Bachelor's degree in Computer Science or Computer Security and three years of related experience.
  • The role involves providing regulatory expertise, maintaining compliance documentation, and assisting in risk analysis and incident response procedures.
  • Candidates should have knowledge of information security best practices and experience in risk assessment, policy development, and incident response management.
  • The salary for this position ranges from $34.21 to $48.30 per hour, with a comprehensive benefits package including medical, dental, and a 401(k) retirement plan.
  • WECU is committed to diversity and inclusion and seeks to hire the best-qualified candidates without discrimination based on various factors.

WECU is seeking an Information Security (IS) Compliance Analyst to join our Information Security department located in Bellingham, WA. This role will provide regulatory expertise in all aspects of WECU’s compliance for all applicable regulations. This role is responsible for assisting the Manager of Information Security Compliance in creating, maintaining, and implementing the enterprise-wide Information Security program, policy, and procedure documentation. The IS Compliance Analyst is responsible for providing risk analysis reviews to the Manager of Information Security Compliance for all internal, external, and third-party hardware and software. The IS Compliance Analyst notes deficiencies discovered in risk analysis and makes corrective recommendations to the Manager of Information Security Compliance. The IS Compliance Analyst acts as a liaison to other internal groups in the implementation of regulatory controls, and provides regulatory assistance to the Manager of Information Security Compliance in both internal and external audits.


ESSENTIAL FUNCTIONS:

  • Work with Manager of Information Security Compliance to provide subject matter expertise in the creation, implementation, and maintenance of appropriate enterprise programs, policies, and procedures to be compliant with all applicable regulations including, but not limited to, 12 CFR Part 748, GLBA, and others.
  • Update and maintain WECU’s written Information Security policies, procedures, and risk management guidelines.
  • Perform vendor due diligence reviews on new or existing vendors to evaluate Information Security risk to WECU.
  • Process and respond to potential and actual cyber security incidents, or alerts issued through the US-CERT, FS-ISAC, or CISA as applicable to enterprise systems and operations.
  • Work with the Manager of Information Security Compliance to establish, maintain, and institutionalize security incident response procedures to ensure that security events are thoroughly investigated, documented, and reported; that damage is minimized, that risks are mitigated, and that remedial actions are taken to prevent recurrence.
  • Assist in staff training on Information Security Incident Response processes.
  • Act as a liaison with other internal groups in the implementation of regulatory compliance solutions.
  • Work with the Manager of Information Security Compliance to assure executive management's awareness of legal and regulatory changes that might impact information security and privacy policies and practices.
  • Work with the Manager of Information Security Compliance to prepare reports on the status and effectiveness of the information security program. 
  • Work with the Information Security Team to coordinate, conduct, and review data security requirements, specifications, risk assessments, and, if applicable, third-party risk assessments of any new or existing computer applications or services. 
  • Work with the Manager of Information Security Compliance to verify that security requirements are identified, and that risk mitigation plans are developed and contractually agreed to prior to the purchase of information technology hardware, software, and systems development services for any new high impact computer applications or computer applications that receive, maintain, and/or share confidential data.
  • Review third-party attestation and audit reports and provide feedback to business leaders and risk owners.
  • Work with the Information Security Team to monitor and manage compliance of implemented enterprise information security controls.
  • Complete Information Security Control Assessments.
  • Other duties as assigned.


EDUCATION AND SKILLS:

Education

  • Bachelor's degree from a four-year college or university in Computer Science or Computer Security with three years of related experience, or an equivalent combination of education and/or experience related to the discipline.
  • CISSP, CISA, or CRISC certifications are a plus.
  • Financial services experience is a plus.

Skills

  • Ability to utilize working knowledge of information security best practices such as: NIST 800 series, ISO 27000 series, ISA, or COBIT.
  • Excellent skills in risk assessment processes, policy development, proposals, work statements, product evaluations, and delivery of technology.
  • Ability to understand enterprise business computing operations/requirements.
  • Knowledge of forensics, incident analysis, and incident response management.
  • Ability to stand firm on issues yet be flexible and creative to find effective solutions. 
  • Ability to organize, create, and deliver technical proposals and presentations to peers and management.
  • Ability to understand and interpret laws and regulatory requirements related to information protection, and develop and implement appropriate processes to keep WECU in compliance and reduce legal liabilities.
  • Project Management knowledge and experience a strong plus.
  • Ability to respond effectively to highly sensitive inquiries or complaints.
  • Ability to effectively give persuasive speeches and presentations on controversial or complex topics to various audiences.
  • Ability to read and interpret complex documents and summarize findings.
  • Ability to write complex reports, regulatory documents, policies and correspondence.

NOTE: The foregoing may not be an exhaustive list of all responsibilities, skills, efforts, or working conditions associated with this position. Because this position requires responsiveness to changing market conditions and rapidly developing technology, other skills and abilities may also be, or become, required of employees in this position.

COMPENSATION:

The salary range for this position is from $34.21 to $48.30 per hour. 

WECU provides a comprehensive benefits package that includes medical, dental, and vision benefits with premiums for employee coverage paid in full, 401(k) retirement plan with an 8% annual contribution from WECU, bonus plan, two or more weeks of vacation, up to 11 paid holidays, paid life and disability insurance, annual wellness benefit, loan discounts, professional development, and much more.

ABOUT WECU:

WECU is a not-for-profit financial cooperative where members are encouraged to save and borrow responsibly at fair and competitive rates. Headquartered in Bellingham, WA, WECU has over 160,000 members and over $3 billion in assets.

It is WECU's mission to make a meaningful difference in the lives of our members. We strive to treat both members and staff with honesty and integrity and to be a socially responsible part of our community. WECU also endeavors to be an employer of choice. 

WECU is an Equal Opportunity Employer that is committed to diversity and inclusion in the workplace. We make employment decisions based on merit and qualifications and seek to have the best-qualified person in every job. WECU policy prohibits discrimination based on race, color, religion, creed, sex, gender, sexual orientation, gender identity, marital status, age, national origin or ancestry, physical or mental disability, veteran status, genetic characteristics or information, or any other consideration made unlawful by federal, state, or local laws.



