GRC InfoSec Analyst

First Entertainment Credit Union is looking for a GRC Information Security (InfoSec) Analyst to supports the Credit Union’s cybersecurity governance, regulatory compliance, and enterprise technology risk management programs. This position helps ensure the organization maintains a robust and exam-ready security posture that meets NCUA/FFIEC expectations, GLBA requirements, and industry best practices.

The GRC InfoSec Analyst collaborates with Technology, Compliance, Operations, and Audit teams, providing key insights regarding cybersecurity risk, vendor security, emerging threat trends, and control effectiveness. The role also assists in embedding cyber governance processes across the enterprise, driving secure innovation and maintaining member trust.

This is a full-time, hybrid opportunity in our Los Angeles office and reporting to the VP, ERM. The targeted pay in California is between $32 to $42 per hour.

Responsibilities

• Assist with the development, implementation, and ongoing improvement of the Information Security Governance Program. Which include maintaining information security policies, standards and procedures and coordinating annual reviews.
• Map policies and processes to framework such as NIST CSF, NIST 800-53, ISO 27001 and CIS controls.
• Support the maintenance of security policies, standards, and frameworks aligned with NIST CSF, NIST 800-53, CIS Controls, and ISO 27001.
• Collect and analyze cyber metrics, KRIs/KPIs, risk dashboards, and board-level reporting data.
• Prepare materials to help present cybersecurity posture, risks, and remediation strategies to the Board, Supervisory Committee, and Executive Leadership.
• Lead the Business Impact Assessment and BCP and Disaster Recovery process.
• Execute oversight for IT and applicable stakeholders.
• Conduct information security risk assessments as per process, aid in the risk evaluation of Application, Infrastructure, Cloud environments and Third-party vendors (evaluate SOC reports, security certifications, cyber security and penetration test reports.
• Perform control testing and help coordinate audit responses and remediation
• Help coordinate IT General Controls testing and Penetration Testing for First Ent.
• Work daily alerts and patch management and software updates/releases
• Track security incidents, document root cause and monitor remediation  actions
• Board reporting on cyber health and Information security maturity
• Contribute to continuous improvement initiatives for cyber maturity (ACET/CAT).
• Performs other ERM/GRC duties in Operations, Compliance and Vendor Management as directed.

At First Entertainment, your role and every role are essential to our Mission [We build lifelong financial relationships with the people in entertainment based on a deep understanding of how they live and work], Core Values [Members First + Ownership + Integrity + Innovation + Inclusivity + One Team], and we expect you to uphold them.

Requirements

• Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Information Technology, or a related field.
• 2+ years of experience as an Analyst in information security, GRC, technology risk management, or a related discipline within financial services or a highly regulated environment.
• Strong understanding of information security frameworks, including NIST CSF, NIST 800-53, CIS Controls, and ISO 27001.
• Demonstrated experience supporting or managing regulatory compliance programs (NCUA, FFIEC, GLBA).
• Excellent analytical, problem-solving, and organizational skills.
• Strong written and verbal communication skills with the ability to present technical concepts to non-technical audiences.
• Proficiency with risk management tools, reporting dashboards, and relevant cybersecurity technologies.
• Professional certifications such as CISA, CISM, CRISC, CISSP, or similar preferred but not required.
• Experience in vendor risk management, third-party assessments, or supply chain security a plus.
• Familiarity with cyber maturity models such as ACET or CAT preferred.
• Project management experience and/or relevant certifications (e.g., PMP, CAPM) are a plus.
• Demonstrated ability to drive process improvement and influence cross-functional teams.