Analyst, Senior GRC Information Security Analyst

About The Position

Requirements

• Bachelor's degree in information systems, engineering, business, risk management, or related field; and related certifications (e.g., CRISC, CISSP, CISS, CISM, CISA, Security+, CEH, GSEC).
• 5+ years of experience in GRC, security, risk management or related fields, particularly in highly regulated industries such as financial, professional services, or government, with expertise in navigating complex regulatory requirements.
• High technical knowledge across Cybersecurity domains, including Security Operations, Incident Response, Security Engineering, Cloud Security, Artificial Intelligence (AI), Data Security, Configuration Management, Log Generation, Security Risk Assessments/testing methodologies, Secure Software Development Lifecycle, evaluating the adequacy and efficiency of internal controls.
• Expert knowledge of GRC frameworks and regulations (e.g., PCI-DSS, GDPR, CCPA, GLBA, NIST, ISO 27001).
• Strong knowledge in OWASP, CIS and/or other security standards and secure configuration baselines.
• Experience developing and implementing GRC framework, policies and procedures.
• Excellent analytical skills with the ability to assess complex risks and develop effective mitigation security strategies.
• Proven ability to lead and manage projects, including coordinating cross-functional teams and delivering results on time.
• Ability to adapt to a fast-paced and dynamic environment, with a focus on continuous improvement and innovation.
• Ability to work on multiple GRC projects simultaneously.
• Excellent communication and interpersonal skills.

Responsibilities

• Contribute to the development, management, and ongoing improvement of Information Security risk program, compliance initiatives, and overall security risk posture.
• Partner with senior management to design and implement maturity strategies and operations into the Information Security GRC team.
• Lead critical control activities with stakeholders across the business, quantifying risk, evaluating mitigations, and driving actions to measurably reduce risk.
• Conduct regular risk assessments to identify potential threats and vulnerabilities across the organization analyzing their impact and likelihood of occurrence.
• Generate reports on risk assessments, compliance status, and control effectiveness to communicate findings to stakeholders at various levels within the organization.
• Establish and contribute to risk and compliance activities with an eye toward continuous controls monitoring automation.
• Validate that information security requirements are built into architecture and new technology projects.
• Maintain Information Security risk register, report monthly to appropriately address key risk areas.
• Conduct technical security posture review for annual vendor monitoring and re-assessment processes for new and existing vendors.
• Provide support to the Information Security Incident Response team during cyber/privacy incidents.
• Support internal and external audits by providing documentation and supporting evidence of compliance.
• Support policies and procedures maintenance aligned with in-scope security frameworks, regulations, and internal standards to manage identified risk effectively.
• Prepare detailed reports for senior leadership, including KRI and KPI.
• Act as a mentor, advisory, and escalation point for team members and stakeholders.

Benefits

• You will be eligible to participate in the company's 401k plan which includes a company match and immediate vesting.
• We offer comprehensive insurance options including medical, dental, vision, AD&D, supplemental life, long-term disability, pre-tax Health Savings Account with employer contributions, and pre-tax Flexible Spending Account (FSA).
• Banc of California partners with providers that offer adoption, surrogacy, and fertility assistance as well as paid parental leave and family support solutions including care options for your family.
• Eligible team members receive paid vacation days, holidays, and volunteer time off.
• To support career growth of our team members, we offer tuition reimbursement, an annual mentorship program, leadership development resources, access to LinkedIn Learning, and more.