Security Analyst Information Protection 2 - Cyber Security

About The Position

Requirements

• Banking is a highly regulated industry and you will be expected to acquire and maintain a proficiency in the Bank's policies and procedures, and adhere to all laws, rules and regulations that are applicable to your conduct and the work you will be performing. You will also be expected to complete all assigned compliance training in a timely manner.
• Strong understanding of security best practices, secure data handling, and foundational security principles (confidentiality, integrity, availability, least privilege, etc.).
• Familiarity with common security and technology frameworks, such as NIST, CIS Controls, and Zero Trust principles.
• Ability to analyze technical information, interpret security findings, and communicate effectively with technical and non-technical audiences.
• Strong problem-solving, documentation, and organizational skills with the ability to support multiple initiatives simultaneously.
• Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Information Systems, or a related field required.
• Minimum 1 year of experience in Information Security, Cybersecurity, or a related discipline required.

Nice To Haves

• Hands-on knowledge or experience with data protection technologies, such as data loss prevention, data classification/labeling, data rights management, encryption, or data discovery tools preferred.
• Security certifications such as Security+, CySA+, SSCP, or similar credentials, preferred.

Responsibilities

• Maintains and tunes enterprise DLP policies across email, endpoint, cloud, and network channels.
• Administers and supports data classification and labeling frameworks to ensure proper handling of sensitive data (e.g., customer financial information, internal confidential, PII, PCI).
• Manages and optimizes DRM solutions to enforce encryption, access restrictions, and secure collaboration.
• Contributes to the design, deployment, and administration of cyber technologies and processes that reduce the risk of data compromise.
• Assists with testing, validation, and quality assurance of data protection and data security solutions, ensuring proper functionality and alignment with requirements.
• Supports ongoing efforts to strengthen existing controls that protect against data exfiltration and unauthorized data movement.
• Maintains and updates regularly enterprise data inventory, ensuring accurate tracking of sensitive information across systems and business processes.
• Partners with data management, data governance, and business units to ensure data protection controls align with policies, regulatory requirements, and secure data-handling procedures.
• Collaborates with business units to understand data workflows and recommend improvements to reduce exposure.
• Assists in root-cause analysis for data leakage events and recommend control improvements.
• Participates in technology and software evaluations, assessing solutions based on data protection, endpoint risks, and security requirements.
• Works closely with Cloud, Endpoint, and Identity teams to improve information protection posture.
• Provides awareness training and guidance on secure data handling.
• Supports ongoing and ad‑hoc reporting related to data protection program performance, compliance, and risk indicators.
• Contributes to various ad‑hoc Data Protection initiatives, adapting to evolving business needs, regulatory changes, and emerging risk areas.
• May handle other duties as assigned.