Security Risk and Compliance Specialist

OneAZ Credit Union - Arizona


POSITION: Security Risk and Compliance Specialist

DEPARTMENT: Risk Management

REPORTS TO: VP Risk Management


SUMMARY: The Risk Management Department helps all OneAZ business units identify and manage risk. The team focuses on several key risk types, including conduct, credit, financial crimes, information security, interest rate, liquidity, market, model, operational, regulatory compliance, reputation, strategic, vendor and technology risk.


The Security Risk and Compliance Analyst, as part of the Independent Risk Management function, is responsible for governance, oversight, and credible challenge of information security risk exposures and risk management practices. This is done by monitoring and analyzing risk that arises from inadequate or failed processes, people, systems, or external events, and by developing standards for remediating it, while maintaining a balance between risk mitigation and operational efficiency. The primary functions are to assist with the day-to-day operation of the Business Continuity Management Program, the Information Security Compliance Program and the Third-Party Risk Management Program.


  • Assist with the maintenance of policies, procedures and associated plans for disaster recovery administration, business continuity, information security compliance, and associated risk.
  • Assist with aspects of actual recovery plan efforts, including initial emergency response, recovery procedures, and business resumption processes.
  • Assist with business impact analyses maintenance and updates to the credit union’s critical functions.
  • Assist with the development of disaster avoidance strategies, impact reduction strategies, and department-specific business continuity plans.
  • Assist in coordination and support of business continuity and disaster recovery testing exercises and evaluations.
  • Develop familiarity with applicable state and federal regulatory requirements, internal requirements and industry best practices related to information security management and business continuity.
  • Develop and perform Information Security Risk Assessments.
  • Track and report on the status of Information Security Management’s compliance with regulatory and internal requirements to leadership.
  • Credibly challenge appropriateness, completeness, effectiveness, and sustainability of corrective actions taken to address situations defined as issues.
  • Manage the Information Security aspect of Third-Party Due Diligence.
  • Manage the development and communication of Information Security policies, procedures, processes, systems, and internal controls.
  • Stay abreast of emerging technology trends, methodologies, and practices.
  • Assist with day-to-day operations of other Security Risk and Compliance processes.
  • Assist with special projects as required.
  • Perform other duties as assigned.

Required Qualifications

  • 5+ years of experience in one or more of the disciplines above.
  • Experience with evaluating the processes, risks, and the design and effectiveness of controls associated with Information Security Management risk.
  • Demonstrated operational risk management experience.
  • Demonstrated issue management experience.
  • Experience developing comprehensive report/presentations to senior management, stakeholders, and risk and management committees.
  • Experience in the financial industry and technical or PCI certifications a plus.

Desired Qualifications

  • Familiarity with risk management standards such as COBIT, ISO, PCI and NIST, business continuity management, or regulatory compliance.
  • Strong initiative and the ability to set and manage priorities and work successfully with minimal supervision. Must manage multiple tasks/projects while maintaining attention to detail.
  • Excellent verbal, written, and interpersonal communication skills.
  • Strong analytical skills with high attention to detail and accuracy.
  • Ability to interact with all levels of an organization.
  • Ability to turn preliminary or ambiguous information, ideas, or problems into well-defined plans and solutions.



To perform the job successfully, an individual should demonstrate the following competencies:


Analytical - Synthesizes information; Collects and researches data; Uses intuition and experience to complement data analysis.


Problem Solving - Identifies and resolves problems in a timely manner; Gathers and analyzes information skillfully; Develops alternative solutions; Works well in group problem solving situations; Uses reason even when dealing with emotional topics.


Interpersonal Skills - Focuses on solving conflict, not blaming; Maintains confidentiality; Listens to others without interrupting; Keeps emotions under control; Remains open to others' ideas and tries new things. Strong oral and written communication abilities.

Ethics - Treats people with respect; Keeps commitments; Inspires the trust of others; Works with integrity and ethically; Upholds organizational values.


Judgment - Displays willingness to make decisions; Exhibits sound and accurate judgment; Supports and explains reasoning for decisions; Includes appropriate people in decision-making process; Makes timely decisions.


Quality - Demonstrates accuracy and thoroughness; Looks for ways to improve and promote quality; Applies feedback to improve performance; Monitors own work to ensure quality.


Organizational - Ability to organize and manage multiple projects.





To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.


EDUCATION and/or EXPERIENCE

Bachelor's degree in Computer Science, Business Continuity, Emergency Management, Information Security Management, or related field, or the equivalent in education and work experience.


Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certification in Control Self-Assessment (CCSA), Certified Information Security Professional (CISSP), or Certified Business Continuity (CBCP) desired.


To apply, please send resume to: Margaret Chamberlain, Vice President Risk Management at

Posting Date: May 20, 2021