Information Technology Security Analyst- Hybrid

Are you passionate about cybersecurity, risk management, and building stronger security programs in highly regulated environments? We’re looking for an experienced Information Technology Security Analyst to help strengthen and evolve our Information Security Governance Program while protecting critical systems, sensitive data, and organizational operations.

In this role, you’ll work at the center of cybersecurity governance, compliance, risk management, and security operations—partnering with IT teams, leadership, auditors, and external security partners to continuously improve our security posture and cyber maturity.

If you thrive in a collaborative environment, enjoy solving complex security challenges, and want to make a meaningful impact, we’d love to hear from you.

What You’ll Do

As our Information Technology Security Analyst, you will:

Security Governance & Compliance

• Support and enhance the organization’s Information Security Governance Program
• Develop, maintain, and review security policies, standards, and procedures
• Ensure alignment with industry frameworks including NIST CSF, NIST 800-53, CIS Controls, and ISO 27001
• Assist with regulatory compliance efforts related to NCUA, FFIEC, GLBA, and related standards
• Prepare and present cybersecurity reports, metrics, and risk updates to leadership and board committees

Risk Management & Assessments

• Conduct security risk assessments across infrastructure, applications, cloud platforms, and third-party vendors
• Review SOC reports, penetration test results, certifications, and vendor security documentation
• Lead Business Impact Assessments and support Business Continuity and Disaster Recovery initiatives
• Support enterprise risk management and vendor risk management activities

Vulnerability & Security Operations

• Manage the full vulnerability lifecycle: identification, prioritization, remediation, and reporting
• Monitor daily security alerts and incidents across SIEM, endpoint protection, DLP, email security, and web filtering platforms
• Investigate incidents, perform root cause analysis, and coordinate remediation efforts
• Monitor for phishing sites, malicious domains, and emerging cyber threats

Audits, Controls & Continuous Improvement

• Support internal and external audits, penetration tests, and ITGC reviews
• Audit system configurations against CIS benchmarks and security standards
• Track remediation activities and perform control testing
• Contribute to cyber maturity assessments and continuous improvement initiatives such as ACET and CAT

Collaboration & Awareness

• Partner with internal teams, MSSPs, auditors, and business units to strengthen security practices
• Deliver cybersecurity awareness guidance on phishing, social engineering, and data protection
• Stay current on emerging threats, technologies, and regulatory developments

What You Bring

Required Qualifications

• Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Information Technology, or related field (or equivalent experience)
• 5+ years of experience in cybersecurity, information security, GRC, or technology risk
• Experience working in financial services or other regulated environments preferred

Technical Knowledge & Skills

• Strong understanding of: 
  • NIST CSF
  • NIST 800-53
  • CIS Controls
  • ISO 27001
• Experience implementing and auditing CIS Critical Controls and security benchmarks
• Familiarity with NCUA, FFIEC, and GLBA requirements
• Experience with: 
  • Vulnerability management
  • Penetration testing remediation
  • Third-party/vendor risk assessments
  • SOC report reviews
  • SIEM and security monitoring tools
  • Endpoint protection and DLP technologies

Professional Skills

• Excellent analytical and problem-solving abilities
• Strong written and verbal communication skills
• Ability to translate technical concepts for non-technical audiences
• Experience presenting security metrics and risk updates to senior leadership and boards
• Strong organizational skills with the ability to manage multiple priorities effectively
• Commitment to continuous improvement and operational excellence

Why Join Us?

You’ll have the opportunity to:

• Influence and strengthen enterprise cybersecurity strategy
• Work with leadership on meaningful security initiatives
• Contribute to regulatory readiness and organizational resilience
• Grow your expertise in governance, risk, compliance, and security operations
• Be part of a collaborative team focused on continuous improvement and innovation

Physical Requirements

This position may require standing, walking, sitting, reaching, climbing, kneeling, crouching, and lifting up to 50 pounds occasionally. Specific vision abilities required include close vision, distance vision, color vision, peripheral vision, depth perception, and focus adjustment.

NGFCU offers competitive compensation and a rich benefits package including medical, dental, vision, disability and life insurance, and a 401(k)-profit sharing plan with employer matching.

Compensation and Job Title is commensurate with experience and may fall under the following pay ranges:

Information Technology Security Analyst- $88,992 to $125,000 Annually 

Please note that the salary information is a general guideline only. Northrop Grumman Federal Credit Union considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, education/training, key skills, internal peer equity, as well as market and business considerations when extending an offer. We offer a competitive total rewards package including a wide range of medical, dental, vision, financial, and other benefits.

We perform thorough background checks including verification of previous employment, education, credit checks and pre-employment drug screening. Any discrepancies in reported dates, titles, or degree information may result in an employment offer to be withdrawn.

NGFCU is an Equal Opportunity Employer

Pursuant to the Los Angeles Fair Chance Ordinance, we will consider for employment-qualified applicants with arrest and conviction records.