Description

nformation Security Analyst (Exempt) Reports to: Corporate Information Security, Resilience, and Data Officer (CISRDO) Overview The Information Security Analyst supports the organization's Information Security program by aligning technical security controls with business and regulatory requirements. This role focuses on risk management, regulatory compliance, executive reporting, and security program coordination within a financial services environment. Key Responsibilities

• Coordinate and support the Corporate Information Security program, including policies, procedures, standards, risk assessment tools, and security training and awareness initiatives.
• Ensure compliance with financial services regulations and frameworks, including FFIEC, GLBA, SEC, and FINRA.
• Develop executive-level reporting, Key Risk Indicators (KRIs), and security metrics for senior leadership and Board presentations.
• Partner with operational and technical security teams to understand and assess production controls and processes.
• Create and maintain security architecture and network diagrams documenting data flows, security controls, and third-party/vendor dependencies.
• Assess the effectiveness of security controls and recommend improvements.
• Serve as a technical consultant and project manager for security initiatives and risk assessments.

Qualifications

• Master's degree in information systems, information security, or a related field preferred.
• 5+ years of relevant experience, ideally within banking or financial services.
• Willingness to obtain and maintain security certifications such as CISA, CISSP, Security+, CEH, GSEC, or similar.
• Strong analytical skills, attention to detail, and root-cause analysis capabilities.
• Excellent written and verbal communication skills, with the ability to explain security concepts to non-technical audiences.
• Advanced proficiency with Microsoft Office (Word, Excel, PowerPoint, Visio).
• Experience managing or supporting security assessments and cross-functional projects.

 

The above statements are intended to describe the general nature and level of work to be performed by personnel assigned to this job.  This information is not intended to be an exhaustive list of all responsibilities, duties, and skills required of personnel assigned to this position.