Information and Security Compliance/Vendor Management Specialist
As Azura continues to grow, so do our departments, and we are excited to add a dual role to our Compliance team! The Information and Security Compliance/Vendor Management Specialist will be the main point of contact for our Virtual Information Security Officer. The specialist is responsible for ensuring the third-party Virtual Information Security Officer is supported and for serving as the internal resource for our information security program. This includes maintenance of our policies and procedures, communication both internally and externally, and working with our information security vendor. The ISC/Vendor Management Specialist will have the opportunity to learn and support our ongoing compliance requirements.
The ISC/Vendor Management Specialist will be responsible for compliance with regulatory and industry regulations and internal IT policies. This position will execute the planning and performance of assessments across various compliance areas. In addition, this position will work directly with technical and business leadership to select, deploy, and validate IT controls to ensure compliance requirements are maintained. Compliance reviews could consist of IT General Controls as well as selected application or special projects.
This is a cross-functional role, working closely with teams to ensure controls and compliance requirements are clearly defined and implemented. Effective communication and a willingness to learn are important to the success of this role.
The specialist will be responsible for training/teaching control owners on compliance and will train in other areas of the compliance department.
- Liaison between VISO and IT team to address identified issues/concerns.
- Monitors activities assigned to IT controls to ensure compliance with internal policies and procedures.
- Facilitates compliance with internal control standards via regular monitoring of related activities.
- Conducts reviews and documents results based on defined controls and standards.
- Reviews work product of team members and consultants to ensure review criteria are completed and assessments are accurate.
- Performs multiple compliance reviews with specific deadlines.
- Prepares summaries of review results.
- Manages the progress of remediation steps on identified deficiencies. Works with VISO and CIO, supporting the incident lifecycle process including detection, analysis, containment, eradication, recovery and post-incident activity.
- Assists in the development of continuity of operation plans and disaster recovery plans.
- Formalizes processes to catalog and maintain inventory of all software and hardware assets.
- Develops and implements plans to protect technological physical assets including data centers, controlled areas and controls for securing assets.
- Develops internal security training.
- Five to eight years of related experience.
- Experience in successful project implementation and follow-up.
- Bachelor’s Degree in related field. Equivalent knowledge attained through on the job experience will be considered.
- CISA, CIA, CPA, CISM, CISSP, MCP, MCSE, CCNA or other certifications applicable to the job preferred; required within 2 years from entering the job.
- Knowledge of local, state and federal laws and regulations relevant to information security, privacy and computer crime. Current on security practices and threat landscape.
- Working knowledge of vulnerability assessment and penetration testing tools with in-depth knowledge of network components such as bridges, routers, concentrators, cabling systems and Ethernet in switched environments.
- High level of confidentiality and professionalism.
- Conflict resolution, relationship building and soliciting cooperation required.
- Excellent communication skills both verbal and written.
- Works well independently and as part of a team.
- Ability to develop and manage new processes.
- Strong attention to detail with effective organizational skills.
Azura Credit Union is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, sexual orientation or gender identity), national origin, age, disability, genetic information or protected veteran status. Azura participates in E-Verify and, upon being hired, will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the USA. If you are interested in the position, please complete our employment application along with a cover letter outlining your interest and qualifications. Resumes welcomed. Voted again, Best Employer in Topeka in our category!