Security and Data Governance Analyst

THREAD BANK, Nashville, TN
Onsite

About The Position

Thread Bank is seeking a Security and Data Governance Analyst to support the Information Security Officer (ISO) in managing daily security operations and implementing the Bank's data governance program. This role is primarily security-focused, requiring a candidate with a strong security mindset and sound judgment, who approaches all tasks, including data governance, with a security and risk perspective. The Analyst will perform routine security tasks such as reviewing SIEM alerts, conducting access reviews, and tracking vulnerabilities. Additionally, they will support the data governance program by maintaining documentation for data classification, retention, and access across various systems including Snowflake, the core banking platform, and other systems of record. This is a hands-on operational role with direct mentorship provided by the Information Security Officer.

Requirements

  • Bachelor’s degree in Information Systems, Cybersecurity, Computer Science, Information Assurance, or a related field; equivalent work experience will be considered
  • 2–4 years of experience in information security, IT audit, GRC, or a related role
  • Working knowledge of common security concepts: access controls, vulnerability management, phishing, incident response basics
  • Experience reviewing SIEM alerts, access reports, or audit logs
  • Familiarity with at least one major cloud environment (Azure or AWS)
  • General awareness of U.S. banking and financial services regulations (GLBA, SOX, BSA/AML)
  • Strong written communication and documentation skills
  • Organized, detail-oriented, and able to manage recurring tasks and deadlines without close supervision

Nice To Haves

  • Prior experience at a community bank, credit union, fintech, or regulated financial institution
  • Familiarity with Arctic Wolf or another managed SIEM service
  • Exposure to Snowflake, Microsoft 365, or AWS administration
  • Familiarity with data management frameworks such as DAMA-DMBOK, DCAM, or similar
  • Familiarity with quantitative risk analysis frameworks such as Open FAIR or equivalent
  • Exposure to data catalog, metadata, or data governance tooling such as DataHub, Collibra, Alation, Atlan, or Informatica
  • Data governance or data management certifications (DAMA CDMP, ICCP CDP, DGSP, or IAPP CIPP/CIPM)
  • Security certifications or progress toward them (Security+, SSCP, CDPSE, or CISA-in-training)

Responsibilities

  • Monitor and triage alerts from Arctic Wolf SIEM; escalate issues to the ISO as needed
  • Track vulnerability scan results and follow up with IT Operations on remediation
  • Support incident response activities under the direction of the ISO, including evidence collection, documentation, and post-incident write-ups
  • Assist with coordination of annual penetration testing and remediation tracking
  • Help maintain security awareness training, phishing test campaigns, and related reporting
  • Perform quarterly user access reviews across Azure and Microsoft 365, AWS, Finxact, Snowflake, and other bank platforms
  • Document review outcomes and track remediation of inappropriate access
  • Support onboarding and offboarding checklists for IT access provisioning and deprovisioning
  • Maintain data classification documentation and data inventories across Snowflake, the core banking platform, and other systems of record
  • Track data owners and stewards; keep ownership lists current as the organization changes
  • Monitor adherence to retention policies and escalate exceptions
  • Conduct and document periodic data governance assessments across bank systems, reviewing classification accuracy, access appropriateness, retention compliance, and data handling practices against policy
  • Provide administrative support for the Data Governance Committee, including scheduling, agendas, minutes, and action item tracking
  • Assist the data team with access control reviews and data quality reporting
  • Collect and organize evidence for internal audits, external audits, and regulatory exams (GLBA, SOX, BSA/AML)
  • Maintain control documentation and track remediation of audit findings
  • Respond to auditor and examiner requests under the direction of the ISO
  • Support annual BCP/DR tabletop exercises, including scheduling, note-taking, and tracking action items to closure
  • Maintain the Bank’s BCP/DR documentation library
  • Support TPRM assessments by providing security and data governance input on vendors that handle bank data or connect to bank systems, including review of questionnaire responses, SOC 2 reports, and data handling practices
  • Serve as the security and data governance point of contact for TPRM on vendor findings, remediation, and re-assessment cadence
  • Serve as the security and data governance subject-matter expert on bank projects and initiatives, including new system implementations, vendor onboarding, data integrations, and business-line changes
  • Review project designs and requirements for security and data handling implications; document risks, recommend controls, and track follow-through to go-live
  • Represent the Information Security Officer in project meetings as needed, escalating material risks or policy questions back to the ISO
  • Maintain clear documentation and runbooks for all recurring tasks
  • Coordinate day-to-day with IT Operations, the data team, Compliance, and TPRM
  • Perform additional responsibilities as assigned by the ISO or business needs

Benefits

  • excellent benefits
  • family-friendly culture