Summary:
Responsible for assessing, mitigating, and managing security risks within Sutton Bank. This role demands a high degree of technical expertise, analytical skills, and the ability to communicate effectively with stakeholders across various levels of the organization. Ensures the confidentiality, integrity, and availability of sensitive data while maintaining compliance with regulatory standards and industry best practices.
Qualifications:
Education: Bachelor's Degree in Information Technology, Computer Science, Cybersecurity, or related field. Master's Degree preferred.
Licenses/Certifications: Valid Driver's License, CISSP, CISA or CRISC.
Experience: Five or more years of combined experience in information security, IT or risk management, preferably in a financial institution. Experience leading a team. Or equivalent combination of education and experience.
Essential Functions:
Job Specific:
Designs and executes end-to-end risk assessments that include internal, third party and fourth party vendors, identifying high-impact vulnerabilities, threats, and business risk across the enterprise.
Oversees compliance with security policies, industry standards, and regulations (e.g., NIST CSF, HIPAA, NIST 800-53, PCI-DSS, GDPR, GLBA or ISO 27001).
Develops and updates security policies, standards, and procedures to address evolving risk and regulatory requirements.
Leads audit preparation and response efforts, managing interactions with external auditors and ensuring timely resolution of findings.
Leads investigations into security incidents, performing detailed root cause analysis and impact assessments.
Oversees enterprise-wide vulnerability management program, including scanning, prioritization, and remediation strategies.
Designs and implements advanced security metrics and key risk indicators (KRIs) to measure and communicate risk posture.
Acts as a trusted advisor to senior management, providing insights on risk trends, mitigation strategies, and security investments.
Collaborates with business units, IT, legal and compliance teams to embed risk management into strategic initiatives and projects.
Mentors junior analysts, providing guidance on technical skills, risk methodologies, and professional development.
Knowledge/Skills/Abilities:
Excellent verbal and written communications at both business and deep technical levels.
Advanced knowledge of multiple end-to-end systems development life cycles.
Strong understanding of and experience with process improvement and process mapping.
Strong leadership skills; dependable, curious, matrix-oriented, visionary, solution-oriented and quality-focused, delivering exemplary customer service.
Excellent interpersonal skills.
Self-directed and motivated.
The ability to manage multiple tasks.
Technical writing.
Ability to read and comprehend instructions, correspondence, technical manuals and memos.
Ability to respond to common inquiries or complaints from employees, vendors and management staff.
Ability to effectively present information to individuals one-on-one or in a small group setting.
Ability to articulate technical concepts to end-users.
Deep knowledge of information security principles and standards.
Advanced knowledge of TPRM platforms and ability to optimize.
Advanced knowledge of security tools such as firewalls, SIEM, vulnerability scanners, risk analysis tools, antivirus software, and intrusion detection systems.
Proactive Mindset: Staying ahead of emerging threats and taking initiative in risk mitigation.
Strong analytical and problem-solving skills.
Attention to Detail: Ability to identify subtle security vulnerabilities and ensure accurate documentation.
Adaptability: Capacity to learn and adapt to rapidly evolving security threats and technologies.
Teamwork: Willingness to collaborate with other team members for effective risk mitigation.
Time Management: Skill in prioritizing tasks and managing workload in a fast-paced environment.
Preferred: Relevant certifications such as CompTIA Security+, Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or similar credentials.
Sutton Bank is an Equal Employment Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity, disability or protected veteran status.