IT Security Governance, Risk Compliance Analyst

Not Eligible for Remote Employment - Requires Candidate to be in-person & onsite in Wichita, KS

Role:
Execute and maintain CUA’s Information Security Governance, Risk, and Compliance (GRC) program elements. Focus on execution, monitoring, and independent validation of governance controls, evidence collection, audit and regulatory examination support, and risk tracking. Support ongoing regulatory compliance and risk transparency while preserving management accountability and decision authority in alignment with applicable regulatory guidance (FFIEC, NCUA, KDCU, GLBA).

• Coordinate, collect, and maintain evidence required for internal audits, external audits, and regulatory examinations (e.g., NCUA, FFIEC, GLBA).
• Support regulatory and audit examinations by preparing documentation, responding to evidence requests, and tracking follow-up items.
• Track audit and examination findings, remediation activities, and management responses to ensure timely and documented closure.
• Perform periodic internal compliance reviews and control testing to validate adherence to approved security policies, standards, and procedures.

• Support the Vendor Risk Management (VRM) program by reviewing third-party security documentation, SOC reports, and due-diligence artifacts in accordance with established risk assessment standards.
• Maintain and update the Information Security Risk Register, ensuring risks are clearly documented, assessed, tracked, and mapped to appropriate mitigation or acceptance decisions.
• Monitor risk remediation timelines and escalate overdue or unresolved items through established governance and reporting channels.

• Assist in the drafting, updating, maintenance, and version control of Information Security policies, standards, and operational procedures.
• Ensure governance documentation remains current, internally consistent, and aligned with regulatory updates, audit outcomes, and business practices.
• Track required policy and procedure reviews and coordinate stakeholder input as directed by the Information Security Officer (ISO).

• Facilitate recurring governance activities including Role-Based Access Control (RBAC) reviews, access attestations, and control validation by coordinating with HR, IT, and business unit leaders.
• Coordinate and track Information Security awareness training and phishing simulation activities, maintaining required evidence and completion metrics.
• Prepare governance materials, dashboards, and summaries for committees (e.g., IT Steering Committee) focused on compliance posture, control coverage, and risk status.

• Support execution of approved Information Security and Insider Threat Program elements by monitoring policy adherence and control effectiveness.
• Maintain key compliance, governance, and risk metrics (KPIs/KRIs) used for management and executive reporting.
• Provide accurate, timely data and documentation to support management review and decision making; interpretive analysis and risk acceptance decisions remain with the ISO and executive leadership.

N 5% Perform other duties as assigned by supervisor. Employees shall be trained annually, demonstrate an understanding of, and follow the requirements of the BSA/AML Compliance Program as it specifically relates to their job.

• Demonstrate a “Welcome to Friendly” attitude and model Credit Union of America’s values (Friendly, Inclusive, Productive, Respectful, Compassion) and purpose “We come to work every day inspired to make a difference in our member’s lives.”
• Ensure audit and regulatory examination evidence is accurate, complete, well organized, and available within the required timeframe, with minimal rework or follow up requested by auditors or examiners.
• Ensure audit and examination findings, management responses, and remediation activities are consistently tracked, documented, and escalated in accordance with established governance procedures.
• Verify Information Security Risk…