
Third-Party Risk & Senior InfoSec Analyst
Join Us in Making an Impact ✨
At OneAZ Credit Union, our success is measured only by yours. We’re here to create lasting change in the lives of our members, our communities, and our team. If you're looking for a career with purpose, where your work truly matters—you've found it!
Who You Are 🧩
You’re impactful, compassionate, and fearless, ready to embrace new challenges and shape the future of financial well-being. You take accountability for our success and thrive in an environment where curiosity is celebrated. If this sounds like you, let’s build something great together.
What You’ll Do 🚀
📍This position will be located at our Corporate Office: 2355 W Pinnacle Peak Rd, Phoenix, AZ 85027
- Perform risk-based due diligence and ongoing monitoring of third-party vendors
- Review and analyze Security questionnaires
- Review and analyze SOC 1 / SOC 2 reports
- Review and analyze Business continuity and disaster recovery documentation
- Document vendor risk assessments and identify control gaps
- Drive remediation efforts and follow up with business owners and vendors
- Maintain vendor risk inventory and supporting documentation
- Assist in preparing reports for management and regulatory exams
- Escalates overdue remediation items and unresolved control gaps.
- Support coordination of incident response activities (cybersecurity, and security/operational incidents)
- Track incidents from identification through resolution
- Manage incident documentation, evidence tracking, and record maintenance
- Assist in post-incident reviews, including root cause analysis and lessons learned
- Support development and maintenance of incident response procedures and playbooks
- Participate in incident response testing and tabletop exercises
- Compile and maintain reporting on Vendor risk assessments and outstanding issues
- Compile and maintain reporting on Incident trends and metrics
- Coordinate with IT and compliance teams to ensure timely execution of security operational requirements.
- Ensure documentation is complete, organized, and audit-ready
- Identify and deliver security training programs to employees, promoting best practices and enhancing the organization’s security posture.
- Review penetration testing and security. Perform ongoing analysis of security systems logs and intrusion detection tools/procedures.
- Monitor changes in the security industry including new vulnerabilities, viruses, intrusions, fraud schemes, and best practices and tools available for system/network protection. Recommend appropriate technical changes to maintain designated security protection levels
What You Bring 🎯
- High School Diploma or GED Required
- Bachelors Degree in Business, Information Security, Risk Management, or related field (or equivalent experience)
- 3-5 years similar or related experience in one or more areas: Vendor/Third-Party Risk Management, Information Security or IT Risk, Incident Management or Incident Response
- Understanding of vendor risk management and due diligence practices
- Familiarity with SOC reports and basic control frameworks
- Working knowledge of incident response lifecycle and documentation
- Strong attention to detail and documentation discipline
- Ability to manage multiple priorities and meet deadlines
- Effective written and verbal communication skills
- Demonstrated ability to independently manage operational security tasks and drive follow-through across stakeholders.
- Strong written and verbal communication with consistent escalation and status reporting discipline.
Compensation & Benefits 🎉
- Generous paid time off: paid holidays, floating holidays, personal days, vacation days, plus sick time, Low-cost Medical, Dental & Vision plans
- Paid childcare assistance
- Award-winning 401K
- Gym fee reimbursement
- Tuition Reimbursement
- Student loan repayment
- ...and much more. Explore all the details in our comprehensive Benefits Booklet
- Target hiring range $84,149.19 - $105,186.49 (Depending on experience and prior to any incentives this position is eligible for)
Why Join OneAZ?
At OneAZ, we’re not just a credit union; we’re a financial trailblazer that passionately cares about inspiring dreams and driving prosperity in the communities we serve. We exist to clear the way for dreamers and doers, aspiring to be the bank for new pioneers.
We are driving change in our communities, constantly improving our products and services so our members and their families can relentlessly pursue their dreams. By embodying our values and living our promise, you’ll be part of a team committed to exceeding expectations and redefining what’s possible.
Additional Notes:
Knowingly submitting false information will result in disqualification for consideration of future positions, termination of employment and forfeiture of other rights. Candidates for this position will be required to sign an authorization for OneAZ to conduct a credit and criminal background check, pursuant to procedures in the Fair Credit Reporting Act and any other applicable laws. All candidates will be considered for this position on an individualized basis, in compliance with all applicable equal employment opportunity laws. Any individual who meets the definition of a mortgage loan originator (MLO) and is employed by a federal agency-regulated institution will need to be registered on the Nationwide Mortgage Licensing System (NMLS). Ensures compliance with applicable policies, laws, and regulations, including the Bank Secrecy Act (BSA), Anti-Money Laundering (AML) compliance, USA Patriot Act, and Office of Foreign Assets Control (OFAC). This job description should not be considered all-inclusive. It is merely a guide of expected duties. The associate understands that the job description is neither complete, nor permanent and may be modified at any time. At the request of their supervisor, an associate may be asked to perform additional duties or take on additional responsibilities without notice. Complies with all policies and standards. Position grades could fluctuate based on market value.
Apply for this job
*
indicates a required field