Information Technology Security Analyst - Hybrid
Are you passionate about cybersecurity, risk management, and building stronger security programs in highly regulated environments? We’re looking for an experienced Information Technology Security Analyst to help strengthen and evolve our Information Security Governance Program while protecting critical systems, sensitive data, and organizational operations.

In this role, you’ll work at the center of cybersecurity governance, compliance, risk management, and security operations, partnering with IT teams, leadership, auditors, and external security partners to continuously improve our security posture and cyber maturity.

If you thrive in a collaborative environment, enjoy solving complex security challenges, and want to make a meaningful impact, we’d love to hear from you.

What You’ll Do

As our Information Technology Security Analyst, you will:

Security Governance & Compliance
- Support and enhance the organization’s Information Security Governance Program
- Develop, maintain, and review security policies, standards, and procedures
- Ensure alignment with industry frameworks including NIST CSF, NIST 800-53, CIS Controls, and ISO 27001
- Assist with regulatory compliance efforts related to NCUA, FFIEC, GLBA, and related standards
- Prepare and present cybersecurity reports, metrics, and risk updates to leadership and board committees

Risk Management & Assessments
- Conduct security risk assessments across infrastructure, applications, cloud platforms, and third-party vendors
- Review SOC reports, penetration test results, certifications, and vendor security documentation
- Lead Business Impact Assessments and support Business Continuity and Disaster Recovery initiatives
- Support enterprise risk management and vendor risk management activities

Vulnerability & Security Operations
- Manage the full vulnerability lifecycle: identification, prioritization, remediation, and reporting
- Monitor daily security alerts and incidents across SIEM, endpoint protection, DLP, email security, and web filtering platforms
- Investigate incidents, perform root cause analysis, and coordinate remediation efforts
- Monitor for phishing sites, malicious domains, and emerging cyber threats

Audits, Controls & Continuous Improvement
- Support internal and external audits, penetration tests, and ITGC reviews
- Audit system configurations against CIS benchmarks and security standards
- Track remediation activities and perform control testing
- Contribute to cyber maturity assessments and continuous improvement initiatives such as ACET and CAT

Collaboration & Awareness
- Partner with internal teams, MSSPs, auditors, and business units to strengthen security practices
- Deliver cybersecurity awareness guidance on phishing, social engineering, and data protection
- Stay current on emerging threats, technologies, and regulatory developments

What You Bring

Required Qualifications
- Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Information Technology, or related field (or equivalent experience)
- 5+ years of experience in cybersecurity, information security, GRC, or technology risk
- Experience working in financial services or other regulated environments preferred

Technical Knowledge & Skills
- Strong understanding of:
  - NIST CSF
  - NIST 800-53
  - CIS Controls
  - ISO 27001
- Experience implementing and auditing CIS Critical Controls and security benchmarks
- Familiarity with NCUA, FFIEC, and GLBA requirements
- Experience with:
  - Vulnerability management
  - Penetration testing remediation
  - Third-party/vendor risk assessments
  - SOC report reviews
  - SIEM and security monitoring tools
  - Endpoint protection and DLP technologies

Professional Skills
- Excellent analytical and problem-solving abilities
- Strong written and verbal communication skills
- Ability to translate technical concepts for non-technical audiences
- Experience presenting security metrics and risk updates to senior leadership and boards
- Strong organizational skills with the ability to manage multiple priorities effectively
- Commitment to continuous improvement and operational excellence

Why Join Us?

You’ll Have The Opportunity To
- Influence and strengthen enterprise cybersecurity strategy
- Work with leadership on meaningful security initiatives
- Contribute to regulatory readiness and organizational resilience
- Grow your expertise in governance, risk, compliance, and security operations
- Be part of a collaborative team focused on continuous improvement and innovation

Physical Requirements

This position may require standing, walking, sitting, reaching, climbing, kneeling, crouching, and lifting up to 50 pounds occasionally. Specific vision abilities required include close vision, distance vision, color vision, peripheral vision, depth perception, and focus adjustment.

NGFCU offers competitive compensation and a rich benefits package including medical, dental, vision, disability and life insurance, and a 401(k) profit-sharing plan with employer matching.

Compensation and Job Title are commensurate with experience and may fall under the following pay ranges:

Information Technology Security Analyst - $88,992 to $125,000 Annually

Please note that the salary information is a general guideline only. Northrop Grumman Federal Credit Union considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, education/training, key skills, internal peer equity, as well as market and business considerations when extending an offer. We offer a competitive total rewards package including a wide range of medical, dental, vision, financial, and other benefits.

We perform thorough background checks including verification of previous employment, education, credit checks and pre-employment drug screening. Any discrepancies in reported dates, titles, or degree information may result in an employment offer being withdrawn.

NGFCU is an Equal Opportunity Employer

Pursuant to the Los Angeles Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.