Enterprise Risk Management Information Security Analyst II - Endwell, NY
About Us
We're in the business of people helping people and you can help us change lives just by working here. Whether it’s helping a member make a transaction, buy their first home, or improve their financial wellness one step at a time – you have an impact on their lives just by working here, no matter what your position may be.
Work with us – and be part of something bigger than banking.
In exchange for your time and talents, we offer generous benefits. After all, you make us awesome, so we take care of you with things like…
- Pension Plan, 401k Plan with company match
- Excellent health benefits
- Flexible Paid Time Off (PTO), Volunteer Time Off (VTO), and Wellness Time Off (WTO)
- 10+ paid holidays per year
- Lifestyle Spending Account stipend for wellness, caregiving, or personal expenses such as student loans and tuition reimbursement
- Employee recognition program
...and more!
At Visions, we do, and will continue to, treat all of our employees fairly and with complete respect, regardless of race, ethnicity, gender, and any other differences. We strive to celebrate the diversity of our employees, as they are part of the fabric of this great credit union.
Title of Position: Enterprise Risk Management Information Security Analyst II - Endwell, NY
Position Overview: As an Enterprise Risk Management Analyst II – Information Security, you support all aspects of the company’s Enterprise Risk Management and Enterprise Information Security and Privacy programs. You will conduct Enterprise Risk Management (ERM) risk assessments utilizing Visions’ Enterprise Risk Management tool and supporting systems. You will perform product and process-based risk assessments using established and approved risk assessment tools and contribute to their ongoing improvement based on assessment results and practical application. Ensure that risks are assessed in alignment with Visions’ governance structure (i.e., legal and industry requirements, policies, programs, procedures, standards and guidelines, information security frameworks and audit and examination expectations). Maintain Enterprise Risk Management administrative compliance controls. Track, analyze, and report on key metrics.
Position Type: Full-Time. Typical shifts include Monday through Friday 8:00AM to 5:00PM.
Compensation Range: $65,000/Yr - $90,000/Yr. *Hiring rates may be dependent on a number of factors, including years of directly related work experience, education, geographic location or special skills*
Location: Position is On-site at our Corporate Headquarters: 3301 Country Club Road, Endwell, NY
At this time, Visions Federal Credit Union will not sponsor a new applicant for employment authorization or offer any immigration related support for this position.
Responsibilities/Duties:
- Perform technology and process-based risk assessments for IT hardware and software assets and for electronic and high-risk transaction products. In partnership with ERM colleagues, IT and lines of business staff, as applicable, conduct risk assessments according to the schedule and the ERM program and procedures. Document the operational effectiveness of controls used to mitigate the risk, and how those controls are tested.
- Create corrective action plans as applicable. Track, monitor and report on progress to ensure mitigation within target completion dates. Ensure that risk levels are managed in a manner that ensures compliance with Visions’ governance structure.
- Stay abreast of current and emerging threats, advisories, alerts and risks and recommend mitigations. Use these in performing technology risk assessments.
- Participate in industry collaborative efforts to monitor, share, and discuss emerging security threats. Provide recommendations on how to mature the Credit Union’s security posture.
- Ensure that administrative controls meet external compliance requirements.
- Maintain awareness of current, proposed and emerging security, privacy and data breach legislation and standards. Provide recommendations on how to meet current, pending or planned compliance requirements.
- Contribute to the development of information security, privacy, and risk management training. Ensure that training aligns with established organizational information security policies and standards and with legal and industry standard requirements and guidance.
- Participate in audits, examinations, and external risk assessments. Provide requested information, respond to recommendations, and provide status updates to support remediation efforts.
- Understand the Credit Union’s technology systems, security controls, business processes and the teams who directly support them.
- Help develop key risk indicators (KRIs), key performance indicators (KPIs) and other metrics. Track, monitor and report on indicators including trend analysis.
- Understand incident response and data breach notification procedures. Participate in incident response planning, development of procedures, testing and execution of procedures.
- Exude a presence of being an enterprise information security risk management subject matter expert (SME). Serve as an internal information security, privacy and IT risk management consultant.
- Promote a culture of information security and privacy awareness throughout the organization.
- Provide departmental back-up coverage as needed.
- Respond effectively to changing ideas, responsibilities, expectations, trends, strategies, and other processes.
- Demonstrate a commitment to diversity, equity, inclusion, and belonging through continuous development, modeling inclusive behaviors, and proactively managing bias.
- Perform other duties needed to help fulfil our mission, drive our strategy, and support our organization’s values.
Minimum Qualifications & Experience:
- Bachelor’s degree in information security, cybersecurity, information technology, or a related discipline with 1-3 years of relevant experience; 4-6 years of experience may be considered in lieu of degree.
- Proficient in the Microsoft Office Suite programs.
- Proficient with standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines, PCs, etc.
- Visions remains committed to the aspects of diversity and inclusion and will consider alternative education and experience.
Preferred Qualifications & Experience:
- Training or certificates of completion in relevant topics.
- Knowledge of the NIST Cybersecurity Framework, NIST information security and privacy controls, the NIST risk management framework and guidelines for conducting risk assessments and the ability to apply them in an organization to reduce risk to an acceptable level.
- Knowledge of the Payment Card Industry (PCI) Data Security Standard (DSS) and how to apply the requirements in an organization to maintain compliance with the standard.
- Knowledge and use of the NCUA self-assessment tools for Information Security.
- Ability to read, understand, analyze, and interpret policies, procedures, standards, legal and other documents, and professional journals.
- Ability to take initiative to recommend and implement improvements to increase efficiency and attain higher levels of maturity.
We're more than banking. You can be, too. #ClaimYourSeat