Information Security Analyst

About The Position

Requirements

• 2–5 years of experience in cybersecurity, information security, or a related IT role.
• Experience in a regulated industry (financial services preferred).
• Proficiency with Microsoft Active Directory, Azure/Entra ID, and Microsoft 365.
• Working knowledge of vulnerability management tools and security monitoring concepts.
• Familiarity with FFIEC guidance and general regulatory expectations.
• Strong analytical and problem‑solving skills.
• Ability to work independently with minimal supervision.
• Strong documentation and business writing skills.
• Sound judgment when handling sensitive or confidential information.
• Ability to collaborate effectively across technical and non‑technical teams.
• Ability to sit for extended periods and work primarily at a computer workstation.
• Frequent use of keyboard, mouse, and phone.
• Employees will ensure adherence to BSA (Bank Secrecy Act) and risk compliance standards in all job responsibilities, maintaining the organization's regulatory integrity and mitigating potential risks

Nice To Haves

• CompTIA Security+, CISA, CISSP (or progress toward certification).

Responsibilities

• Monitor, investigate, and respond to security alerts from security tools (e.g., SIEM, firewall, endpoint protection).
• Serve as an active member of the Cybersecurity Incident Response Team (CIRT).
• Assist with incident containment, root‑cause analysis, documentation, and remediation tracking.
• Escalate high‑risk or complex incidents to senior leadership as appropriate.
• Administer and enforce role‑based access controls across systems and applications.
• Perform periodic user access reviews and ensure timely remediation of exceptions.
• Review and approve access requests in accordance with internal policies and procedures.
• Ensure all access changes are properly documented through the help desk system.
• Perform vulnerability assessments and coordinate remediation efforts with system owners.
• Track remediation progress and report unresolved or high‑risk findings.
• Support application security reviews and vendor risk assessments.
• Assist with enterprise and system‑level risk assessments.
• Maintain and update information security policies, standards, and procedures.
• Support regulatory examinations and internal/external audits by preparing evidence and documentation.
• Ensure security requirements are incorporated into projects, system changes, and vendor engagements.
• Assist with maintaining security metrics and reporting.
• Support phishing simulations and security awareness initiatives.
• Review reported phishing attempts and coordinate appropriate response actions.
• Provide security guidance to IT staff and business users as needed.

Benefits

• Paid time off in addition to paid federal holidays
• Medical, dental, and vision benefits to employees who regularly work 24+ hours a week
• 401k match
• Ongoing training opportunities
• 8 hours of volunteer time with an organization important to you
• Reimbursement each month for Gym membership (up to $25), hobby reimbursement (up to $25) and fresh local foods (up to $25 on a seasonal basis)