Meritrust Credit Union · 10 hours ago
Information Security Analyst II
Meritrust Credit Union is committed to creating a diverse and inclusive workplace. The Information Security Analyst II will execute the Governance, Risk, and Compliance (GRC) program within the Information Security team, ensuring compliance with regulatory requirements and managing operational tasks related to information security.
Banking
Responsibilities
Stay current with Financial Regulations such as FFIEC guidelines, NCUA requirements, and other compliance regulations
Be familiar with information security frameworks such as PCI DSS, NIST 800-53, FedRAMP, ISO 27001, CIS, MITRE ATT&CK, OWASP Top 10, etc.
Build and integrate the security frameworks into the MCU Information Security Program, ensuring organizational compliance
Develop, implement, and maintain policies, standards, and procedures to ensure alignment with MCU security objectives and industry best practices
Design and conduct employee training on compliance, information security, and risk management topics with a focus on safeguarding MCU assets, including member data
Perform risk assessments to identify and mitigate risks related to member data, application security, and security tool health checks
Analyze and document identified risks, providing actionable mitigation recommendations
Support the Information Security Incident Response Plan (ISIRP) and the Business Continuity and Disaster Recovery (BC/DR) plans, and assist with tabletop exercises to ensure operational resilience
Monitor and support compliance efforts related to regulations and frameworks such as NCUA, NIST, ISO, PCI DSS, CIS, MITRE ATT&CK, OWASP Top 10, and other relevant frameworks
Assist with internal and external audits and regulatory examinations, providing required evidence and ensuring timely remediation of findings
Conduct regular testing of controls in security policies to ensure effectiveness and alignment with regulatory requirements
Manage findings from audits, risk assessments, and security policy control testing, documenting resolutions and tracking remediation progress
Participate in the exceptions management process, including documentation, risk acceptance, and periodic reviews of exceptions
Monitor phishing reports and InfoSec tickets submitted by employees, ensuring proper investigation, resolution, and follow-up
Collaborate with IT, compliance/risk management, and operational teams to align cybersecurity objectives with MCU security goals
Provide regular reporting to leadership on the cybersecurity program status, compliance gaps, and risk trends specific to the credit union sector
Design, implement, and update InfoSec performance metrics and key risk indicators (KRIs) to measure the maturity and effectiveness of the security program
Act as a resource for employees on GRC-related inquiries to promote a culture of compliance and security awareness
Benefits
Comprehensive medical insurance plan
Dental and vision insurance
Generous paid-time-off
12 paid holidays
Annual bonus (based off of annual results/scorecard each year)
401(k) plan
Wellness program
Tuition assistance
Employee loan discount
Employee Assistance Program (EAP)
Life and disability coverage
Company
Meritrust Credit Union
Meritrust Credit Union offers loans, insurance, financial education, digital banking, and other services.
Funding
Current Stage
Growth Stage
Company data provided by Crunchbase