Back to jobs
New

Third-Party Risk & Senior InfoSec Analyst

2355 W Pinnacle Peak Rd, Phoenix, AZ 85027

Join Us in Making an Impact ✨ 

At OneAZ Credit Union, our success is measured only by yours. We’re here to create lasting change in the lives of our members, our communities, and our team. If you're looking for a career with purpose, where your work truly matters—you've found it! 

Who You Are 🧩 

You’re impactful, compassionate, and fearless, ready to embrace new challenges and shape the future of financial well-being. You take accountability for our success and thrive in an environment where curiosity is celebrated. If this sounds like you, let’s build something great together. 

What You’ll Do 🚀 

📍This position will be located at our Corporate Office: 2355 W Pinnacle Peak Rd, Phoenix, AZ 85027

The Third-Party Risk & Senior Infosec Analyst supports the credit union’s vendor risk management, incident response coordination, and information security governance and oversight programs. This role is responsible for performing risk assessments of third-party vendors, supporting incident management activities, and providing administrative and operational support for the Information security governance and oversight program.
 
The position works cross-functionally with Information Security, Risk Management, and IT.
 
Essential Functions
  • Perform risk-based due diligence and ongoing monitoring of third-party vendors  
  • Review and analyze Security questionnaires
  • Review and analyze SOC 1 / SOC 2 reports
  • Review and analyze Business continuity and disaster recovery documentation
  • Document vendor risk assessments and identify control gaps
  • Drive remediation efforts and follow up with business owners and vendors
  • Maintain vendor risk inventory and supporting documentation
  • Assist in preparing reports for management and regulatory exams
  • Escalates overdue remediation items and unresolved control gaps.
  • Support coordination of incident response activities (cybersecurity, and security/operational incidents)
  • Track incidents from identification through resolution
  • Manage incident documentation, evidence tracking, and record maintenance
  • Assist in post-incident reviews, including root cause analysis and lessons learned
  • Support development and maintenance of incident response procedures and playbooks
  • Participate in incident response testing and tabletop exercises
  • Compile and maintain reporting on Vendor risk assessments and outstanding issues
  • Compile and maintain reporting on Incident trends and metrics
  • Coordinate with IT and compliance teams to ensure timely execution of security operational requirements.
  • Ensure documentation is complete, organized, and audit-ready
  • Identify and deliver security training programs to employees, promoting best practices and enhancing the organization’s security posture.
  • Review penetration testing and security. Perform ongoing analysis of security systems logs and intrusion detection tools/procedures.
  • Monitor changes in the security industry including new vulnerabilities, viruses, intrusions, fraud schemes, and best practices and tools available for system/network protection. Recommend appropriate technical changes to maintain designated security protection levels

What You Bring 🎯

  • High School Diploma or GED Required
  • Bachelors Degree in Business, Information Security, Risk Management, or related field (or equivalent experience)
  • 3-5 years similar or related experience in one or more areas: Vendor/Third-Party Risk Management, Information Security or IT Risk, Incident Management or Incident Response
  • Understanding of vendor risk management and due diligence practices
  • Familiarity with SOC reports and basic control frameworks
  • Working knowledge of incident response lifecycle and documentation
  • Strong attention to detail and documentation discipline
  • Ability to manage multiple priorities and meet deadlines
  • Effective written and verbal communication skills
  • Demonstrated ability to independently manage operational security tasks and drive follow-through across stakeholders.
  • Strong written and verbal communication with consistent escalation and status reporting discipline.

Compensation & Benefits 🎉

  • Generous paid time off: paid holidays, floating holidays, personal days, vacation days, plus sick time, Low-cost Medical, Dental & Vision plans 
  • Paid childcare assistance
  • Award-winning 401K
  • Gym fee reimbursement 
  • Tuition Reimbursement 
  • Student loan repayment
  • ...and much more. Explore all the details in our comprehensive Benefits Booklet
  • Target hiring range $84,149.19 - $105,186.49 (Depending on experience and prior to any incentives this position is eligible for)

Why Join OneAZ? 

At OneAZ, we’re not just a credit union; we’re a financial trailblazer that passionately cares about inspiring dreams and driving prosperity in the communities we serve. We exist to clear the way for dreamers and doers, aspiring to be the bank for new pioneers. 

We are driving change in our communities, constantly improving our products and services so our members and their families can relentlessly pursue their dreams. By embodying our values and living our promise, you’ll be part of a team committed to exceeding expectations and redefining what’s possible. 

Additional Notes:  

Knowingly submitting false information will result in disqualification for consideration of future positions, termination of employment and forfeiture of other rights. Candidates for this position will be required to sign an authorization for OneAZ to conduct a credit and criminal background check, pursuant to procedures in the Fair Credit Reporting Act and any other applicable laws. All candidates will be considered for this position on an individualized basis, in compliance with all applicable equal employment opportunity laws. Any individual who meets the definition of a mortgage loan originator (MLO) and is employed by a federal agency-regulated institution will need to be registered on the Nationwide Mortgage Licensing System (NMLS). Ensures compliance with applicable policies, laws, and regulations, including the Bank Secrecy Act (BSA), Anti-Money Laundering (AML) compliance, USA Patriot Act, and Office of Foreign Assets Control (OFAC). This job description should not be considered all-inclusive. It is merely a guide of expected duties. The associate understands that the job description is neither complete, nor permanent and may be modified at any time. At the request of their supervisor, an associate may be asked to perform additional duties or take on additional responsibilities without notice. Complies with all policies and standards. Position grades could fluctuate based on market value.

 

Apply for this job

*

indicates a required field

Phone
Resume/CV*

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf


Education

Select...
Select...
Select...

Select...
Select...
Select...
Select...
Select...
Select...
Select...

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in OneAZ Credit Union’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Select...
Select...
Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Select...

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury
Select...

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.