Information Technology Security Analyst- Hybrid

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Information Technology, or related field (or equivalent experience)
• 5+ years of experience in cybersecurity, information security, GRC, or technology risk
• Strong understanding of: NIST CSF, NIST 800-53, CIS Controls, ISO 27001
• Experience implementing and auditing CIS Critical Controls and security benchmarks
• Familiarity with NCUA, FFIEC, and GLBA requirements
• Experience with: Vulnerability management, Penetration testing remediation, Third-party/vendor risk assessments, SOC report reviews, SIEM and security monitoring tools, Endpoint protection and DLP technologies
• Excellent analytical and problem-solving abilities
• Strong written and verbal communication skills
• Ability to translate technical concepts for non-technical audiences
• Experience presenting security metrics and risk updates to senior leadership and boards
• Strong organizational skills with the ability to manage multiple priorities effectively
• Commitment to continuous improvement and operational excellence

Nice To Haves

• Experience working in financial services or other regulated environments preferred

Responsibilities

• Support and enhance the organization’s Information Security Governance Program
• Develop, maintain, and review security policies, standards, and procedures
• Ensure alignment with industry frameworks including NIST CSF, NIST 800-53, CIS Controls, and ISO 27001
• Assist with regulatory compliance efforts related to NCUA, FFIEC, GLBA, and related standards
• Prepare and present cybersecurity reports, metrics, and risk updates to leadership and board committees
• Conduct security risk assessments across infrastructure, applications, cloud platforms, and third-party vendors
• Review SOC reports, penetration test results, certifications, and vendor security documentation
• Lead Business Impact Assessments and support Business Continuity and Disaster Recovery initiatives
• Support enterprise risk management and vendor risk management activities
• Manage the full vulnerability lifecycle: identification, prioritization, remediation, and reporting
• Monitor daily security alerts and incidents across SIEM, endpoint protection, DLP, email security, and web filtering platforms
• Investigate incidents, perform root cause analysis, and coordinate remediation efforts
• Monitor for phishing sites, malicious domains, and emerging cyber threats
• Support internal and external audits, penetration tests, and ITGC reviews
• Audit system configurations against CIS benchmarks and security standards
• Track remediation activities and perform control testing
• Contribute to cyber maturity assessments and continuous improvement initiatives such as ACET and CAT
• Partner with internal teams, MSSPs, auditors, and business units to strengthen security practices
• Deliver cybersecurity awareness guidance on phishing, social engineering, and data protection
• Stay current on emerging threats, technologies, and regulatory developments

Benefits

• medical
• dental
• vision
• disability and life insurance
• 401(k)-profit sharing plan with employer matching