Position Title: Information Security Analyst
Department: Risk Management
Reports To: Chief Risk Officer
General Summary/Purpose
As an Information Security Analyst, you will play a critical role in protecting the bank's information systems from cybersecurity threats. Your role will include governance, risk and compliance, analyzing vulnerabilities, implementing security measures, and responding to security breaches. You will work closely with IT teams and our virtual CISO (vCISO) to ensure that our security infrastructure is robust and compliant with regulatory and industry standards, including NIST Cybersecurity Framework, CIS Control Framework, FFIEC and GLBA.
Key Duties and Responsibilities
#1 Governance, Risk, and Compliance (GRC)
Support compliance audits and regulatory examinations by preparing documentation and evidence
Maintain and update cybersecurity policies, procedures, and standards
Conduct regular risk assessments and document risk treatment plans
Track and monitor compliance with cybersecurity frameworks and banking regulations
Coordinate with internal audit and external auditors on cybersecurity findings
Maintain GRC documentation repository and ensure version control
Percentage of time: 50%
#2 Vulnerability Management
Conduct and coordinate regular vulnerability scanning and assessments across all bank systems and networks
Track, prioritize, and manage vulnerability remediation efforts in coordination with IT teams
Coordinate with vendors and managed service providers on vulnerability identification and remediation
Develop and maintain vulnerability management policies and procedures
Create executive-level vulnerability reports and dashboards for senior management
Percentage of time: 20%
#3 Reporting and Documentation
Prepare detailed compliance reports for regulators, senior management, and the Board of Directors
Document cybersecurity processes, procedures, and incident response activities
Maintain audit trails and evidence collection for regulatory requirements
Create and distribute cybersecurity metrics and KPI reports
Support regulatory reporting requirements related to cybersecurity
Percentage of time: 15%
#4 Training and Education Program
Develop and deliver information security awareness training to ensure all bank employees are educated on security best practices and compliance requirements
Administer the bank's Cybersecurity Educational Platform
Act as a security advisor for projects that involve sensitive data or introduce new technologies that might impact the security posture
Percentage of time: 10%
#5 Incident Response and Security Events
Investigate, document, and coordinate response to cybersecurity events and incidents, including those reported by managed service providers. Collaborate with external partners to ensure comprehensive threat analysis and response strategies.
Lead the incident response team during security breaches or other emergencies
Percentage of time: 5%
Education, Training and Skills Required
(Identify the minimum required to perform the duties and responsibilities.)
____ Limited training normally acquired through high school education
____ Specialized education/training normally acquired through up to 18 months of higher education
____ Education/training equivalent to an Associate's Degree
__X_ Education/training equivalent to a Bachelor's Degree
____ Education/training equivalent to a Master's Degree
____ Advanced education/training in a recognized field of specialization, e.g. CPA, MBA
____ Other (please specify)
Experience Required
(Identify the minimum required to perform the duties and responsibilities as well as the type of experience required, i.e. customer service, accounting, etc.)
____ None
____ Three months to one year
__X_ More than one year, fewer than three years
____ More than three years, fewer than five years
____ More than five years, fewer than eight years
____ More than eight years