Information Security GRC Analyst
Sutton Bank
Summary
Responsible for protecting the integrity, confidentiality, and availability of Sutton Bank's information assets. This position requires a proactive professional with experience in assessing, identifying, and mitigating security risks while ensuring compliance with relevant regulatory and organizational standards.
Qualifications
Education: Bachelor's Degree in Information Technology, Computer Science, Cybersecurity, or related field.
Licenses/Certifications: Valid Driver's License. CISSP, CISA or CRISC or CEH preferred.
Experience: Three to five years of experience in information security, IT or risk management, preferably in a financial institution. Or equivalent combination of education and experience.
Essential Functions
A: Job Specific:
- Independently conducts in-depth assessments of information security risks by analyzing potential vulnerabilities within systems, applications, processes, and 3rd
- Ensures compliance with relevant standards such as ISO 27001, FFIEC, or NIST CSF frameworks.
- Prioritizes vulnerability remediation efforts based on risk severity.
- Coordinates with IT teams to ensure timely patching or mitigation.
- Works daily within TPRM platforms and improves functionality.
- Develops and maintains security metrics and dashboards to monitor risk trends and control effectiveness.
- Maintains and updates risk registers, ensuring accurate tracking of risk and remediation plans.
- Excellent verbal and written communications at both business and deep technical levels.
- Excellent interpersonal skills.
- The ability to manage multiple tasks.
- Technical writing.
- Ability to read and comprehend instructions, correspondence, technical manuals and memos.
- Ability to respond to common inquiries or complaints from employees, vendors and management staff.
- Ability to effectively present information to individuals one-on-one or in a small group setting.
- Ability to articulate technical concepts to end-users.
- Deep knowledge of information security principles and standards.
- Advanced knowledge of TPRM platforms and ability to optimize.
- Proactive Mindset: Staying ahead of emerging threats and taking initiative in risk mitigation.
- Strong analytical and problem-solving skills.
- Attention to Detail: Ability to identify subtle security vulnerabilities and ensure accurate documentation.
- Adaptability: Capacity to learn and adapt to rapidly evolving security threats and technologies.
- Teamwork: Willingness to collaborate with other team members for effective risk mitigation.
- Time Management: Skill in prioritizing tasks and managing workload in a fast-paced environment.
- Advanced knowledge of information security principles, standards and frameworks such as NIST, ISO and CIS Controls.
- Advanced knowledge of security tools such as firewalls, vulnerability scanning, antivirus software, and intrusion detection systems.
Job Posted by ApplicantPro
Job Type: Full Time
Location: Columbus, OH