Risk Analyst jobs in Harrisburg, PA

PSECU, a high-tech progressive financial institution with more than $8 billion in assets, is seeking an Information Security GRC Analyst I or II. The Information Security GRC Analyst I is responsible for assisting in analyzing and assessing the information security controls to protect the confidentiality, integrity, and availability of PSECU’s information.   The individual assists in ensuring network security access and assists in implementing and documenting measures to safeguard the network against accidental or authorized modifications, destruction, or disclosure.  The Information Security GRC Analyst II is responsible for analyzing and assessing the information security controls to protect the confidentiality, integrity, and availability of PSECU’s information.   The individual is responsible for ensuring network and cloud security access and for implementing and documenting measures to safeguard the network against accidental or authorized modifications, destruction, or disclosure.  

Benefits: We offer a competitive salary, excellent benefits and a great work environment. Along with excellent medical and retirement programs and a generous leave package, our workplace offers tuition reimbursement.

Employee Type: Full-time, Non-exempt

Schedule: Monday-Friday 9am-5pm

This position will be a hybrid model of both in person and remote with the minimum onsite expectation of 1 day a week, or as needed.  #LIHybrid 

Minimum Starting Pay Rate: (Commensurate with experience)

DUTIES AND ACCOUNTABILITIES FOR LEVEL I - Essential for this position: 

• Assists in ensuring that resource owners/users are aware of security policies and standards.
• Research and respond to internal and external audit findings.
• Assist in the protecting the integrity, availability, and confidentiality of network resources and data.
• Review audit trails, system logs, and other monitoring data sources to identify incidents and assist in incident investigations.
• Review operation logs and event console activity to identify and determine the cause of security-related events.
• Perform necessary due diligence activities to determine third-party adherence with IT compliance requirements prior to establishing a business relationship.
• Assist in the development of security policies, standards, and procedures.
• Assists in maintaining a systematic process for managing PSECU’s information security risks. Facilitate ITS business unit risk assessments.
• Participate throughout the system development life cycle and system acquisition and implementation initiatives.
• Participate in network, system, and application vulnerability assessments, generate report findings, and verify remediation activities.
• Assist with periodic user appropriateness and high-risk privilege reviews with other departments. Assist with reviewing the appropriateness of user activities.

DUTIES AND ACCOUNTABILITIES FOR LEVEL II - Essential for this position: 

• Assist in the development and enforcement of security policies, standards, and procedures.
• Assist in protecting the integrity, availability, and confidentiality of network resources and data.
• Ensure audit trails, system logs, and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
• Review SIEM, operation logs, and event console activity to identify and determine the cause of security-related events.
• Participate in network, system, and application vulnerability assessments, generate report findings, and oversee remediation activities.
• Participate in the monitoring and periodic testing of IT compliance controls to ensure ongoing adherence to PSECU policies, standards, and industry frameworks for both cloud and on-prem solutions.
• Manage or coordinate periodic user access reviews with other departments. Review the appropriateness of user activities.
• Perform or coordinate control testing, assessments, and monitoring to ensure that Information Technology processes and controls are effective, functioning as designed, and managed to the appropriate level of risk.
• Coordinate IT self-assessment compliance reviews based on regulatory, industry standards, and internal policy requirements.
• Perform necessary due diligence activities to determine third-party adherence with IT compliance requirements prior to establishing a business relationship.
• Participate in or conduct incident response investigations by using and understanding PSECU’s Incident Management procedures. Participate in the Incident Management Program in order to plan and respond effectively to a compromise of PSECU’s IT infrastructure or to an unauthorized access and/or disclosure of sensitive company, member, or employee data. 

MINIMUM / PREFERRED EXPERIENCE AND EDUCATION FOR LEVEL I

Minimum Experience:

Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Information Assurance, or a related field,

Entry level to two years’ experience in Cybersecurity, Information Security, Auditing, Risk Management, Information Assurance, and/or work supporting and maintaining a network or cloud environment,

Or any equivalent combination of experience and education.

Preferred Experience:

Certification in field of expertise is preferred, i.e., Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified Internal Auditor (CIA).

MINIMUM / PREFERRED EXPERIENCE AND EDUCATION FOR LEVEL II: 

Minimum Experience:

Two - Four years’ experience in Cybersecurity, Information Security, Auditing, Risk Management, Information Assurance, and/or work supporting and maintaining a network or cloud environment,

Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Information Assurance, or a related field,

Or any equivalent combination of experience and education.

Preferred Experience:

Certification in field of expertise, i.e., Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP) Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or Certified Internal Auditor