IT Security Analyst

Who We Are

We have the fundamental belief that we, as an organization, can and will improve lives. Rooted in the centuries-old credit union philosophy of people helping people, we maintain a simple premise. Those we interact with will receive equal and just treatment, devoid of intolerance, false judgment, racism, or discrimination of any kind. We must not accept less if we are to fulfill our mission, "We Improve Lives." This mission empowers us to serve the greater good and to make a difference in our world. Our cooperative structure creates a cycle of mutual assistance towards the common goal of the financial well-being of members.

At Black Hills Federal Credit Union (BHFCU), we’re committed to improving the lives of our members every day, and we look for people who share that passion. Don’t have a ton of financial industry experience? No problem. Our onboarding includes an orientation program with ongoing training to help staff further their career at BHFCU by building on their existing strengths.

Remote Eligible States:

• South Dakota 
• Montana 
• Wyoming 
• Florida
• Georgia
• Iowa
• Utah
• Kansas 
• Nebraska 
• Texas
• Minnesota 

General Purpose: The IT Security Analyst II supports the Credit Union’s information security governance, risk, and compliance programs through policy administration, audit coordination, risk tracking, vendor oversight, security reporting, and operational support activities. This role helps ensure alignment with regulatory requirements, cybersecurity frameworks, and organizational security objectives while supporting the overall maturity of the Information Security Program.

Essential Duties/Responsibilities:

• Support the Credit Union’s Information Security Governance, Risk, and Compliance (GRC) program in alignment with FFIEC, NCUA, GLBA, NIST CSF, and CIS Controls.
• Assist with the development, review, maintenance, and administration of Information Security policies, standards, and procedures.
• Coordinate Information Security risk assessments, remediation tracking, exception management, and control validation activities.
• Support internal and external audits, regulatory examinations, and compliance reviews through evidence collection and documentation management.
• Prepare recurring security metrics, dashboards, reports, and board reporting materials.
• Support governance activities related to incident response, business continuity, disaster recovery, and change management.
• Assist with monitoring regulatory changes and assist with compliance impact assessments and remediation coordination.
• Support security awareness training initiatives, phishing campaigns, and training completion tracking.
• Maintain Information Security documentation, audit artifacts, governance records, and operational repositories.
• As directed by the IT Security manager, track audit findings, remediation activities, risk items, and security-related tasks to completion.
• Support administration of GRC platforms, workflow systems, and security request tracking processes.
• Coordinate with the IT Security Manager appropriate access review activities, documentation management, and security governance workflows.
• Maintain vendor management records, asset inventories, and security operational tracking documentation.
• Assist with incident response tabletop exercises, reporting coordination, and documentation updates.
• Support recurring operational reporting, committee materials, and executive reporting preparation.

Other Duties/Responsibilities:

• Participate in continuous improvement efforts for the Information Security Program.
• Collaborate with Information Technology, Compliance, Risk Management, Internal Audit, and business units on security initiatives.
• Support strategic Information Security projects and governance initiatives.
• Stay informed on evolving cybersecurity threats, regulatory requirements, and financial industry security practices.
• Attend professional development and security training as required.

Job Knowledge:             

• Working knowledge of Information Security governance, risk management, and compliance frameworks including FFIEC, NCUA, GLBA, NIST CSF, CIS Controls, and PCI-DSS.
• Understanding of Information Security policies, audit coordination, regulatory examinations, risk assessments, and remediation tracking processes.
• Familiarity with third-party/vendor risk management, security awareness training, business continuity, and incident response coordination.
• Familiarity with governance, reporting, and workflow management tools such as Microsoft Office, ServiceNow, Tandem, or similar business applications.

Job Qualifications (Skills):

BHFCU is committed to working with its employees to reasonably accommodate them with the physical aspects of the position.  The following list outlines the physical considerations that are normally encountered in this job.

• Vision: A sighted person to read and interpret data.
• Speech/Hearing: Ability to communicate verbally and in writing with staff and vendors.
• Manual Dexterity: Ability to perform necessary computer-related input.
• Physical Mobility: Prolonged periods sitting at a desk and working on a computer. Ability to work flexible hours.
• Familiarity in using and managing SIEM tools, endpoint protection platforms, and cloud security technologies.
• Strong analytical and problem-solving skills to handle complex incidents.
• Excellent written and verbal communication skills for technical and non-technical audiences.

Job Qualifications (Ability):

• Ability to prioritize tasks and manage time effectively in a fast-paced environment.
• Ability to perform detailed analyses of security incidents and recommend appropriate solutions.
• Interpersonal skills to collaborate with technical and non-technical teams effectively.
• Ability to produce high-quality, accurate work under pressure.
• Capacity to stay ahead of rapidly evolving cybersecurity trends.
• Ability to use various IT security tools and devices in a dynamic environment.

Job Qualifications (Education/Experience):

• Job requires a four year college level of language, math, and reasoning skills or person is currently pursuing a degree in computer security or a related field.
• 2 years’ relevant experience in IT. Preferred experience, enterprise risk management, red team/incident responder, or other relevant experience..
• Certifications preferred: None

Working Conditions:

Material and Equipment Involved

• Personal Computer 
• Webex
• Slack
• Tablet and Mobile Devices
• Projectors and Screens
• Microsoft Office
• IT Security Specific Software
• Various Other Software Applications

Work Environment/Physical Activities

  Occasional travel to one of BHFCU’s branch locations or attendance at community events may be required.

Position will be required to work flexible hours, including on-call rotations, to respond to incidents.

This position is eligible for remote/hybrid work. A review of the working environment must be conducted and approved prior to initiating remote/hybrid work schedule.

Physical Requirements

Perform primarily sedentary work with limited physical exertion and occasional lifting of up to 5 lbs. Must be capable of climbing/descending stairs in emergency situation. Must be able to operate routine office equipment including telephone, copier, facsimile, and calculator. Must be able to routinely perform work on computer for an average of 6-8 hours per day. Must be able to work extended hours whenever required or requested by management. Must by capable of regular, reliable and timely attendance.

Working Conditions

Must be able to routinely perform work indoors in climate-controlled shared work area with moderate noise.

Mental and/or Emotional Requirements

Must be able to perform job functions with supervision and work effectively either on own or as part of a team. Must be able to read and carry out various instructions and follow oral instructions. Must be able to speak clearly and deliver information in a logical and understandable sequence. Must be able to perform basic mathematical calculations with extreme accuracy. Must be capable of dealing calmly and professionally with numerous different personalities from diverse cultures at various levels within and outside of the organization and demonstrate highest levels of customer service and discretion when dealing with the public. Must be able to perform responsibilities with composure under the stress of deadlines/requirements for extreme accuracy and quality and/or fast pace. Must be able to effectively handle multiple, simultaneous, and changing priorities. Must be capable of exercising highest level of discretion on confidential matters.

Notice: This job description is not intended to be, nor should it be construed as, a contract or guarantee of employment.  Black Hills Federal Credit Union adheres to all federal and state labor laws regarding termination and probationary periods.  This position is also subject to all the personnel policies of Black Hills Federal Credit Union.  Changes may be made to this job description at any time by the President.  Black Hills Federal Credit Union is an equal opportunity employer.

Black Hills Federal Credit Union is an equal opportunity employer. All applicants will receive consideration without regard to age, race, color, sex, sexual orientation, genetic information, religion, national origin, disability, veteran status, or any other status or condition protected by state or federal law. BHFCU will provide reasonable accommodation to qualified persons with a disability but who are otherwise able to perform the essential functions of the job.