Information Security Analyst

Position Overview

Information Security Analyst – The Information Security (IS) Analyst is responsible for protecting the bank's digital assets and infrastructure (including cloud infrastructure) from cyber threats and managing information security risks in alignment with industry standards and regulatory expectations. This role involves monitoring systems, analyzing security incidents, conducting risk assessments, assisting with executing Identity & Access Management (IAM) processes, and ensuring compliance with regulatory requirements. The IS Analyst also assists with establishing sound governance functions and ensuring internal controls are operating effectively.

Location: On-site (preferred)
Salary: Salaried

Reports to:

Key Responsibilities

• Monitor and analyze security alerts from tools such as SIEM, IDS/IPS, DLP, and endpoint protection systems.
• Investigate and respond to cybersecurity incidents, including root cause analysis and remediation.
• Conduct vulnerability assessments and penetration testing; lead efforts to recommend mitigation strategies and ensure remediation plans are executed timely.
• Support Secure Development Lifecycle (SDLC) processes and ensure secure development processes are embedded and enforced throughout the SDLC.
• Manage processes for securing the bank's cloud infrastructure, with a focus on Microsoft Azure and AWS.
• Monitor emerging regulatory requirements, threats, and industry trends, advising leadership on necessary changes and improvements.
• Generate reports and metrics for management and regulatory bodies.
• Maintain and update IS policies, procedures, and standards in alignment with industry frameworks (i.e., NIST CSF 2.0) and regulatory requirements (FFIEC, GLBA, etc.).
• Develop and maintain security documentation, playbooks, and training materials.
• Manage and monitor security awareness, education, and training for employees.
• Perform internal and vendor IS risk assessments (including data privacy and other regulatory risk assessments) and lead remediation efforts of identified control gaps.
• Assist in managing and testing the bank's Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) to ensure operational resiliency and rapid recovery.
• Support centralized IAM governance and the daily processing of access requests and provisioning.
• Manage IS metrics monitoring and reporting; prepare reports and dashboards to communicate compliance performance to senior management and stakeholders; monitor and report on the status of risk remediation activities.
• Support audits, inspections, and reviews conducted by regulators and external parties.
• Carry out responsibilities in a manner consistent with the bank's values, operating principles, policies, and applicable laws, with a commitment to continuous improvement and process excellence.
• Perform any other duties as assigned.

Required Qualifications

• Education: Bachelor's degree in Business Administration, Finance, Risk Management, Law, or a related field.
• Experience Required: 2-4 years of experience in an IS or cybersecurity role, preferably in the banking or financial services sector.
• Familiarity with banking regulations and cybersecurity frameworks (e.g., NIST 2.0 CSF/RMF, PCI DSS, FFIEC, FDIC part 364 Appendix B, GDPR, etc.).
• Strong technical aptitude with Microsoft Azure and AWS Cloud Infrastructure, including experience with cloud security tools (e.g., Sentinel, Defender, Purview, AWS Security Hub, etc.).
• Strong analytical and problem-solving skills.
• Ability to manage multiple priorities and work collaboratively in a team environment.
• Proactive and analytical with a strong understanding of regulatory compliance in the banking sector.
• Possess strong positivity, be mission driven, competitive, goal oriented, and motivated to develop themselves and others.
• Energetic, resourceful, and exhibits an appropriate work intensity to get the work done.
• Strong people acumen and relationship skills, with the ability to quickly establish positive personal and professional relationships.
• Ability to interpret instructions furnished in written, oral, diagram, or schedule form.
• Must be able to lift up to 20 pounds.

Preferred Qualifications

• Certifications such as CRISC, CISA, CISM, CISSP, or equivalent are preferred.