Department: Information Technology 

Job Status: Full Time 

FLSA Status: Non-Exempt 

Reports To: VP IT Manager 

Amount of Travel Required: 5% 

Positions Supervised: None

Work Schedule:

Monday-Friday 8:00 - 5:00 

Hours may vary based on need.

 POSITION SUMMARY

The IT Information Security Analyst supports the Bank’s IT Department and Information Security Program by monitoring, analyzing, and protecting information systems to safeguard organizational data. This role works with IT, Risk Management, and the Information Security Officer to identify vulnerabilities, respond to security events, support regulatory compliance, strengthen day-to-day security operations, and provide documentation for exam readiness, ISO program oversight, and board reporting.

ESSENTIAL FUNCTIONS

Reasonable accommodations statement

To accomplish this job successfully, an individual must be able to perform, with or without reasonable accommodation, each essential function satisfactorily. Reasonable accommodation may be made to help enable qualified individuals with disabilities to perform the essential functions.  

RESPONSIBILITIES: 

Security Monitoring & Incident Response 

• Monitor security tools (SIEM, MDR, endpoint protection, and network controls) for suspicious activity 
• Assist ISO with investigation of security events and escalate incidents in accordance with the bank’s incident response procedures 
• Document incidents, root cause analysis, and remediation actions 
• Support ISO with phishing simulations and user-awareness initiatives 

Risk Assessment & Compliance 

• Support ISO in maintaining risk assessments for systems, applications, and vendors 
• Review and assist with security considerations related to third-party connections and service providers

Vulnerability & Threat Management 

• Perform vulnerability scanning and track remediation efforts 
• Monitor emerging threats and assess exposure to the institution 
• Coordinate patch management and secure configuration practices 
• Participate in penetration testing and external audit remediation 

Security Controls & Policy Administration 

• Maintain and enforce security policies, standards, and procedures 
• Ensure controls align with the organization’s information security program and risk appetite 
• Configure and validate security tools such as: 
• Firewalls, MFA, endpoint protection 
• Email security and web filtering 
• Data protection and encryption controls 
• Assist in third-party risk and vendor access reviews 

Governance, Reporting & Documentation

• Prepare reports on:
• Security posture 
• Risk findings 
• Incident trends 
• Maintain documentation 

Business Continuity & Resilience Support 

• Assist ISO with Business Continuity Planning (BCP) and Disaster Recovery (DR) testing 
• Ensure recovery strategies align with regulatory expectations 
• Assist in audit preparation, evidence gathering, and control documentation for IT department

OTHER DUTIES AS ASSIGNED

POSITION QUALIFICATIONS

Competency Statement(s)

• Accuracy - Ability to perform work accurately and thoroughly.  
• Detail Oriented - Ability to pay attention to the minute details of a project or task.  
• Honesty / Integrity - Ability to be truthful and be seen as credible in the workplace.  
• Initiative - Ability to make decisions or take actions to solve a problem or reach a goal.  
• Responsible - Ability to be held accountable or answerable for one’s conduct.  
• Loyal - The trait of feeling a duty to the employer.  
• Reliability - The trait of being dependable and trustworthy.  
• Organized - Possessing the trait of being organized or following a systematic method of performing a task.  
• Accountability - Ability to accept responsibility and account for his/her actions.  
• Working Under Pressure - Ability to complete assigned tasks under stressful situations. 
• Adaptability - Ability to adapt to change in the workplace.  
• Safety Awareness - Ability to identify and correct conditions that affect employee safety.  
• Deductive Reasoning - Ability to apply principles of logical or scientific thinking to a wide range of intellectual and practical problems.  
• Communication, Oral - Ability to communicate effectively with others using the spoken word.  
• Other duties as assigned. 

SKILLS & ABILITIES

Education: High School Graduate or General Education Degree (GED), bachelor’s degree or higher in I.T. related field preferred but not required.   

Experience: Two or more years of experience in Cybersecurity environment preferred.

Computer Skills:

• Excellent knowledge of Windows operating systems, including Windows Server
• Working knowledge of VMware vCenter and vSphere
• Excellent knowledge of Microsoft Office suite of products
• Network and Internet connectivity knowledge – including switch, router, firewall and wireless management.  

Other Requirements: 

• Strong understanding of: 
• Network security, endpoint security, and identity management 
• Security monitoring tools (SIEM, EDR, MDR) 
• Knowledge of banking regulatory frameworks (FFIEC, GLBA, NIST) 
• Risk assessment and control evaluation skills 
• Analytical and problem-solving ability 
• Strong written and verbal communication skills (especially audit/regulatory communication) 

Preferred Qualifications

• Bachelor’s degree in computer science, Information Systems, or related field
• Certifications in CISSP, CISM, CISA, Security+ 
• Experience in financial services or regulated environment

PHYSICAL DEMANDS

N (Not Applicable)

Activity is not applicable to this position. 

O (Occasionally)

Position requires this activity up to 33% of the time (0 - 2.5+ hrs/day) 

F (Frequently)

Position requires this activity from 33% - 66% of the time (2.5 - 5.5+ hrs/day) 

C (Constantly)

Position requires this activity more than 66% of the time (5.5+ hrs/day) 

Physical Demands

Lift/Carry

Stand 

F 

Walk 

F 

Sit 

F 

Manually Manipulate 

F 

Reach Outward 

O 

Reach Above Shoulder 

O 

Climb 

O 

Crawl 

O 

Squat or Kneel 

O 

Bend 

O 

Grasp 

F 

Speak 

F 

10 lbs or less 

O 

11-20 lbs 

O 

21-50 lbs 

O 

51-100 lbs 

O 

Over 100 lbs 

O 

Push/Pull

12 lbs or less 

O 

13-25 lbs 

O 

26-40 lbs 

O 

41-100 lbs 

O 

WORK ENVIRONMENT: Office environment.

Education: High School Graduate or General Education Degree (GED), bachelor’s degree or higher in I.T. related field preferred but not required.   

Experience: Two or more years of experience in Cybersecurity environment preferred.

Computer Skills: 

• Excellent knowledge of Windows operating systems, including Windows Server
• Working knowledge of VMware vCenter and vSphere
• Excellent knowledge of Microsoft Office suite of products
• Network and Internet connectivity knowledge – including switch, router, firewall and wireless management.  

Other Requirements: 

• Strong understanding of: 
• Network security, endpoint security, and identity management 
• Security monitoring tools (SIEM, EDR, MDR) 
• Knowledge of banking regulatory frameworks (FFIEC, GLBA, NIST) 
• Risk assessment and control evaluation skills 
• Analytical and problem-solving ability 
• Strong written and verbal communication skills (especially audit/regulatory communication) 

Preferred Qualifications

• Bachelor’s degree in computer science, Information Systems, or related field
• Certifications in CISSP, CISM, CISA, Security+ 
• Experience in financial services or regulated environment