IT Security Analyst

About The Position

Requirements

• Bachelor’s degree in Information Technology or similar field or equivalent work experience.
• 4-6 years of experience in IT risk, vulnerability management, or cybersecurity.
• Experience coordinating multi-team resources to meet remediation objectives.
• Experience with vulnerability scanning tools, remediation streams, and release schedules.
• Strong knowledge of vulnerability release schedules and patching best practices.
• Ability to assess and prioritize vulnerability risk data effectively.
• Proficiency in creating advanced reports and organizing complex data streams.
• Skilled in using vulnerability scanning, asset management, and asset discovery tools.
• Ability to research and respond to technical inquiries related to vulnerabilities.
• Strong organizational and meeting facilitation skills.
• Excellent analytical, communication, and project management skills.
• Ability to lead multi faced teams in a coordinated fashion.
• Provide feedback and guidance to IT staff on remediation efforts.

Nice To Haves

• Industry certifications such as CISSP, CISA, or Security+ are preferred.

Responsibilities

• Lead vulnerability analysis and prioritization based on risk, business impact, and threat intelligence; recommend remediation strategies to IT leadership.
• Oversee the patch management lifecycle, ensuring timely application of security updates.
• Maintain accurate records and databases of vulnerabilities, remediation status, and vendor updates.
• Monitor and track asset vulnerabilities, including EOL software/hardware, for proactive planning.
• Assess and quantify risk related to asset lifecycles.
• Research and validate patches daily from vendor sources and threat intelligence feeds.
• Assign remediation tasks to patching administrators and follow up on completion.
• Facilitate weekly patch status meetings and report progress to leadership.
• Design and implement metrics-driven dashboards to track remediation progress, trends, and effectiveness across the organization.
• Evaluate and optimize patch management processes, identifying opportunities for automation and continuous improvement.
• Conduct root cause analysis on recurring vulnerabilities and propose long-term solutions to mitigate systemic risks.
• Develop, review, and maintain vulnerability management policies and procedures.
• Create risk models to quantify and communicate potential business impact.
• Ensure assets run current versions of standardized operational and security software.
• Analyze asset lifecycle data to forecast future remediation needs and budgetary impacts.
• Collaborate with vendors and internal teams to remediate identified vulnerabilities.
• Prepare executive-level reports and presentations that translate technical remediation data into actionable business insights.
• Coordinate with audit, compliance, and legal teams to ensure remediation activities meet all regulatory and policy standards.
• Serve as the primary point of contact for internal and external stakeholders regarding vulnerability remediation status, strategy, and outcomes.
• Develop and deliver training materials to IT staff and business units on remediation best practices and emerging threats.
• Proactively identify and resolve false positives in vulnerability scans and assessments.
• Research and recommend new tools, technologies, and methodologies to enhance vulnerability detection and remediation capabilities.
• Benchmark organizational remediation performance against industry standards and peer organizations, driving adoption of best practices.
• Lead post-remediation reviews to assess effectiveness and document lessons learned for future process enhancements.
• Know by name and face as many customers and employees as possible, calling them by name as often as possible.
• Know and practice LOCBUTN, our Golden Rules, and Bell Bank Customer Service Standards.
• Know, understand, and live the company values and bottom line.
• Conduct activities consistent with established Bell Bank policies, procedures and systems, the Bell Bank Employee Conduct policies, the Bank Secrecy Act and all applicable state and federal laws and regulations.
• All employees are responsible for information security, including compliance with policies and standards which protect sensitive information.
• Prompt and reliable attendance.
• Perform other duties as assigned.