Information Security & Governance Analyst

About The Position

Requirements

• Bachelor’s degree from an accredited college or university in Information Systems, Cybersecurity, Computer Science, Business, or a closely related field, or equivalent experience.
• 1–3 years of experience in information security, risk management, audit, compliance, or a related field.
• Experience in a regulated industry such as financial services or banking is preferred.
• Foundational understanding of information security, risk management, and governance concepts.
• Familiarity with security frameworks such as CIS or NIST.
• Ability to analyze information and document risks and controls clearly.
• Strong organizational and documentation skills.
• Effective written and verbal communication skills.
• Ability to work collaboratively in a team environment and follow established processes.

Nice To Haves

• Preferred Certifications (or progress toward): CISA – Certified Information Systems Auditor CRISC – Certified in Risk and Information Systems Control
• Experience or exposure to GRC platforms (e.g., ServiceNow) preferred.

Responsibilities

• Support the Information Security & Governance team in executing elements of the enterprise information security program.
• Assist in preparing risk assessments, metrics, and reporting for leadership and committee review.
• Participate in governance, risk, audit, and security-related meetings as a contributor.
• Assist with business continuity, disaster recovery, and incident response activities, including documentation reviews and tabletop exercise coordination.
• Support post-exercise reviews by documenting observations and tracking follow-up actions.
• Assist with risk assessments for systems, processes, vendors, and business functions using established methodologies.
• Support internal and external audits through evidence collection, documentation, and coordination with stakeholders.
• Assist with control self-assessments and remediation tracking in collaboration with control owners.
• Perform user access reviews for assigned systems, ensuring completeness, accuracy, and timely completion.
• Maintain access review documentation, metrics, and evidence in accordance with established procedures.
• Assist the Security Risk Register process by documenting identified risks, updating risk details, and tracking remediation activities.
• Ensure risks from audits, assessments, and incidents are accurately captured and updated.
• Assist with preparing periodic risk reporting for leadership and committees.
• Support the Third-Party Risk Management (TPRM) program by conducting vendor risk assessments and SOC reviews for new and existing vendors.
• Track vendor risk issues and remediation activities.
• Assist with reviewing vulnerability and penetration test reports.
• Track remediation status and validate closure evidence in coordination with IT teams.
• Support cloud security and application risk tracking activities as assigned.
• Assist with updating information security policies, standards, and procedures.
• Support mapping controls to industry frameworks and regulatory requirements.
• Identify control gaps or improvement opportunities and escalate to senior team members.
• Collaborate with IT, business units, and vendors to support security and risk initiatives.
• Participate in security awareness, training, and knowledge-sharing activities.
• Perform other duties as assigned.

Benefits

• At Brentwood Bank, we know that great people make a great organization. We value our people and offer our employees a broad range of benefits to support wellness for individuals and families.
• Brentwood Bank is committed to a diverse, equitable, and inclusive culture that empowers our people contribute their unique ideas and perspectives to make a difference.
• Brentwood Bank creates a strong relationship within the communities we serve and will continue to contribute our time, talent, and financial support to improve the areas where we live and work.
• Here, you will work alongside company leaders and industry pioneers who have proven experience and are committed to continuous innovation.
• Employees feel valued in all aspects of their lives, including both their professional and personal aspirations.
• We are looking to hire the best and brightest to help us continue to evolve and drive superior services.
• From entry-level employees to senior leaders, we believe there is always room to learn. We offer opportunities to build new skills, take on leadership opportunities, and grow connect through mentorship.
• From on-the-job training to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career.