Info Sec GRC Analyst III
Listed on 2026-06-01
IT/Tech
Cybersecurity, Information Security
Members Achieve More isn't just a tagline for us, it's part of everything we do! We're looking for passionate individuals to join our team to help us maintain that focus every day. Want to work somewhere that's remained strong for 90 years, that encourages you to learn, grow, and pursue your dreams? If yes, then read on...
The Information Security GRC Analyst III is responsible for analyzing and assessing the information security controls in an effort to protect the confidentiality, integrity, and availability of PSECU’s information. The role ensures network and cloud security access and implements and documents measures to safeguard the network against accidental or unauthorized modifications, destruction, or disclosure.
Schedule
Monday - Friday, 9:00am - 5:00pm
Responsibilities
- Monitor compliance by assisting in protecting the integrity, availability, and confidentiality of network resources and data; develop and enforce security policies, standards, and procedures.
- Participate in network, system, and application vulnerability assessments, generate report findings, and oversee remediation activities.
- Monitor and perform periodic testing of IT compliance controls to ensure ongoing adherence to PSECU policies, standards, and industry frameworks for both cloud and on-premises solutions.
- Perform or coordinate control testing, assessments, and monitoring to ensure Information Technology processes and controls are effective, functioning as designed, and managed at the appropriate level of risk.
- Coordinate IT self‑assessment compliance reviews based on regulatory, industry standards, and internal policy requirements.
- Evaluate related external frameworks or standards (e.g., ITIL, COBIT, NIST, ISO 27002, SANS 20) or internal policies/standards to determine applicable IT compliance requirements and controls.
- Independently conduct risk assessments to identify gaps in the control structure.
- Participate in vendor management and due diligence processes; consult with business units when negotiating and contracting third‑party service provider arrangements to ensure associated information security risks are considered.
- Perform due diligence activities to determine third‑party adherence with IT compliance requirements prior to establishing a business relationship.
- Participate in or conduct incident response investigations using PSECU’s Incident Management procedures; support the Incident Management Program to plan and respond effectively to compromises of IT infrastructure.
- Review SIEM, operational logs, and event console activity to identify and determine the cause of security‑related events.
- Assist in developing Information Security and Privacy Awareness content for employees and members, and socialize PSECU Policies and Standards to employees.
- Collect evidence for internal and external audits, research and respond to audit findings, and coordinate with the Internal Audit function.
- Complete other duties as assigned.
- Bachelor’s degree in Computer and Information Science, Information Technology, or an equivalent combination of experience and education.
- Four to six years of experience in Cyber Security, Information Security, Auditing, Risk Management, Information Assurance, or related work supporting and maintaining a network or cloud environment.
- Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), or Certified Information Systems Security Professional (CISSP) credential.