Information Security GRC Analyst

Summary:

Responsible for protecting the integrity, confidentiality, and availability of Sutton Bank's information assets. This position requires a proactive professional with experience in assessing, identifying, and mitigating security risks while ensuring compliance with relevant regulatory and organizational standards.

Qualifications:

Education: Bachelor's Degree in Information Technology, Computer Science, Cybersecurity, or related field.

Licenses/Certifications: Valid Driver's License. CISSP, CISA or CRISC or CEH preferred.

Experience: Three to five years of experience in information security, IT or risk management, preferably in a financial institution. Or equivalent combination of education and experience.

Essential Functions:

A: Job Specific:

• Independently conducts in-depth assessments of information security risks by analyzing potential vulnerabilities within systems, applications, processes, and 3rd
• Ensures compliance with relevant standards such as ISO 27001, FFIEC, or NIST CSF frameworks.
• Prioritizes vulnerability remediation efforts based on risk severity.
• Coordinates with IT teams to ensure timely patching or mitigation.
• Works daily within TPRM platforms and improve functionality.
• Develops and maintains security metrics and dashboards to monitor risk trends and control effectiveness.
• Maintains and update risk registers, ensuring accurate tracking of risk and remediation plans.

Knowledge/Skills/Abilities:

• Excellent verbal and written communications at both business and deep technical levels.
• Excellent interpersonal skills.
• The ability to manage multiple tasks.
• Technical writing.
• Ability to read and comprehend instructions, correspondence, technical manuals and memos.
• Ability to respond to common inquiries or complaints from employees, vendors and management staff.
• Ability to effectively present information to individuals one-on-one or a small group setting.
• Ability to articulate technical concepts to end-users.
• Deep knowledge of information security principles and standards.
• Advanced knowledge of TPRM platforms and ability to optimize.
• Proactive Mindset: Staying ahead of emerging threats and taking initiative in risk mitigation.
• Strong analytical and problem-solving skills.
• Attention to Detail: Ability to identify subtle security vulnerabilities and ensure accurate documentation.
• Adaptability: Capacity to learn and adapt to rapidly evolving security threats and technologies.
• Teamwork: Willingness to collaborate with other team members for effective risk mitigation.
• Time Management: Skill in prioritizing tasks and managing workload in a fast-paced environment.
• Advanced knowledge of information security principles, standards and frameworks such as NIST, ISO and CIS Controls.
• Advanced knowledge of security tools such as firewalls, vulnerability scanning, antivirus software, and intrusion detection systems.

Sutton Bank is an Equal Employment Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity, disability, pregnancy or protected veteran status.