What We Are Looking ForThread Bank seeks a Security and Data Governance Analyst to support the Information Security Officer in running day-to-day security operations and executing the Bank's data governance program. This is fundamentally a security-focused role. The ideal candidate is security-minded and sound in their judgment: they approach every task, including data governance work, through a security and risk lens.
The Analyst handles routine security work such as SIEM alert review, access reviews, and vulnerability tracking. The Analyst also supports the Bank's data governance program by maintaining data classification, retention, and access documentation across Snowflake, the core banking platform, and other systems of record. This is a hands-on operator role with direct mentorship from the Information Security Officer.
What You'll DoSecurity Operations
- Monitor and triage alerts from Arctic Wolf SIEM; escalate issues to the ISO as needed
- Track vulnerability scan results and follow up with IT Operations on remediation
- Support incident response activities under the direction of the ISO, including evidence collection, documentation, and post-incident write-ups
- Assist with coordination of annual penetration testing and remediation tracking
- Help maintain security awareness training, phishing test campaigns, and related reporting
Identity and Access
- Perform quarterly user access reviews across Azure and Microsoft 365, AWS, Finxact, Snowflake, and other bank platforms
- Document review outcomes and track remediation of inappropriate access
- Support onboarding and offboarding checklists for IT access provisioning and deprovisioning
Data Governance Support
- Maintain data classification documentation and data inventories across Snowflake, the core banking platform, and other systems of record
- Track data owners and stewards; keep ownership lists current as the organization changes
- Monitor adherence to retention policies and escalate exceptions
- Conduct and document periodic data governance assessments across bank systems, reviewing classification accuracy, access appropriateness, retention compliance, and data handling practices against policy
- Provide administrative support for the Data Governance Committee, including scheduling, agendas, minutes, and action item tracking
- Assist the data team with access control reviews and data quality reporting
Compliance and Audit Support
- Collect and organize evidence for internal audits, external audits, and regulatory exams (GLBA, SOX, BSA/AML)
- Maintain control documentation and track remediation of audit findings
- Respond to auditor and examiner requests under the direction of the ISO
BCP/DR Support
- Support annual BCP/DR tabletop exercises, including scheduling, note-taking, and tracking action items to closure
- Maintain the Bank's BCP/DR documentation library
Third-Party Risk Management Support
- Support TPRM assessments by providing security and data governance input on vendors that handle bank data or connect to bank systems, including review of questionnaire responses, SOC 2 reports, and data handling practices
- Serve as the security and data governance point of contact for TPRM on vendor findings, remediation, and re-assessment cadence
Project and Initiative Support
- Serve as the security and data governance subject-matter expert on bank projects and initiatives, including new system implementations, vendor onboarding, data integrations, and business-line changes
- Review project designs and requirements for security and data handling implications; document risks, recommend controls, and track follow-through to go-live
- Represent the Information Security Officer in project meetings as needed, escalating material risks or policy questions back to the ISO
General
- Maintain clear documentation and runbooks for all recurring tasks
- Coordinate day-to-day with IT Operations, the data team, Compliance, and TPRM
- Perform additional responsibilities as assigned by the ISO or business needs
LocationNashville Office-Based Position
Required Qualifications- Bachelor's degree in Information Systems, Cybersecurity, Computer Science, Information Assurance, or a related field; equivalent work experience will be considered
- 2-4 years of experience in information security, IT audit, GRC, or a related role
- Working knowledge of common security concepts: access controls, vulnerability management, phishing, incident response basics
- Experience reviewing SIEM alerts, access reports, or audit logs
- Familiarity with at least one major cloud environment (Azure or AWS)
- General awareness of U.S. banking and financial services regulations (GLBA, SOX, BSA/AML)
- Strong written communication and documentation skills
- Organized, detail-oriented, and able to manage recurring tasks and deadlines without close supervision
Preferred Qualifications
- Prior experience at a community bank, credit union, fintech, or regulated financial institution
- Familiarity with Arctic Wolf or another managed SIEM service
- Exposure to Snowflake, Microsoft 365, or AWS administration
- Familiarity with data management frameworks such as DAMA-DMBOK, DCAM, or similar
- Familiarity with quantitative risk analysis frameworks such as Open FAIR or equivalent
- Exposure to data catalog, metadata, or data governance tooling such as DataHub, Collibra, Alation, Atlan, or Informatica
- Data governance or data management certifications (DAMA CDMP, ICCP CDP, DGSP, or IAPP CIPP/CIPM)
- Security certifications or progress toward them (Security+, SSCP, CDPSE, or CISA-in-training)
