GRC InfoSec Analyst

• →Assist with the development, implementation, and ongoing improvement of the Information Security Governance Program. Which include maintaining information security policies, standards and procedures and coordinating annual reviews.
• →Map policies and processes to framework such as NIST CSF, NIST 800-53, ISO 27001 and CIS controls.
• →Support the maintenance of security policies, standards, and frameworks aligned with NIST CSF, NIST 800-53, CIS Controls, and ISO 27001.
• →Collect and analyze cyber metrics, KRIs/KPIs, risk dashboards, and board-level reporting data.
• →Prepare materials to help present cybersecurity posture, risks, and remediation strategies to the Board, Supervisory Committee, and Executive Leadership.
• →Lead the Business Impact Assessment and BCP and Disaster Recovery process.
• →Execute oversight for IT and applicable stakeholders.
• →Conduct information security risk assessments as per process, aid in the risk evaluation of Application, Infrastructure, Cloud environments and Third-party vendors (evaluate SOC reports, security certifications, cyber security and penetration test reports.
• →Perform control testing and help coordinate audit responses and remediation
• →Help coordinate IT General Controls testing and Penetration Testing for First Ent.
• →Work daily alerts and patch management and software updates/releases
• →Track security incidents, document root cause and monitor remediation  actions
• →Board reporting on cyber health and Information security maturity
• →Contribute to continuous improvement initiatives for cyber maturity (ACET/CAT).
• →Performs other ERM/GRC duties in Operations, Compliance and Vendor Management as directed.

At First Entertainment, your role and every role are essential to our Mission [We build lifelong financial relationships with the people in entertainment based on a deep understanding of how they live and work], Core Values [Members First + Ownership + Integrity + Innovation + Inclusivity + One Team], and we expect you to uphold them.

• Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Information Technology, or a related field.
• 2+ years of experience as an Analyst in information security, GRC, technology risk management, or a related discipline within financial services or a highly regulated environment.
• Strong understanding of information security frameworks, including NIST CSF, NIST 800-53, CIS Controls, and ISO 27001.
• Demonstrated experience supporting or managing regulatory compliance programs (NCUA, FFIEC, GLBA).
• Excellent analytical, problem-solving, and organizational skills.
• Strong written and verbal communication skills with the ability to present technical concepts to non-technical audiences.
• Proficiency with risk management tools, reporting dashboards, and relevant cybersecurity technologies.
• Professional certifications such as CISA, CISM, CRISC, CISSP, or similar preferred but not required.
• Experience in vendor risk management, third-party assessments, or supply chain security a plus.
• Familiarity with cyber maturity models such as ACET or CAT preferred.
• Project management experience and/or relevant certifications (e.g., PMP, CAPM) are a plus.
• Demonstrated ability to drive process improvement and influence cross-functional teams.