Information Security Analyst

Company Summary

We provide comprehensive commercial, personal, and online banking solutions to businesses in the Mid-Atlantic region and the national healthcare market. Our culture is characterized by authenticity, entrepreneurship, and compassion. We defy conventional banking norms with a bold and innovative approach, venturing into new territories and executing groundbreaking deals. Recognized as the Best Place to Work by the Baltimore Business Journal in both 2022, 2023, and 2024, our #1 goal is to make people feel that working here was the best decision they have made. Join us at CFG, where your bold, entrepreneurial, and tenacious spirit will thrive, and together we will achieve success and make a lasting impact.

Position Summary

The Information Security Analyst performs a critical role in managing CFG’s information security environment. The Analyst oversees the successful implementation and maintenance of the information security program and actively engages in ongoing third-party risk management activities. The Analyst will be responsible for ensuring Bank compliance with information security and third-party risk-related laws, regulations, and industry standards. A successful candidate will be a skillful communicator, capable of clearly articulating complex topics in written form.

Essential Duties And Responsibilities

Information Security Program (ISP):

• Promoting information security awareness across business units.
• Establishing and maintaining information security policies and procedures.
• Reviewing audit logs, events, reports, and alerts, formulating responses with thoroughly evidenced and well-reasoned discussion of appropriate resolution.
• Monitoring and reporting on patch and vulnerability management strategies.
• Identifying areas of non-compliance or risk and presenting recommendations for remediation.
• Participating in systems and controls risk assessments.
• Managing the social engineering awareness program, including suspicious message review, periodic training and testing deployment, and reporting functions.
  
  

Third Party Risk Management (TPRM) Program

• Participating in the active management and oversight of the TPRM lifecycle.
• Conducting TPRM risk assessments, proactively identifying and addressing potential 3rd and 4th party risks.
• Collecting and reviewing documentation associated with third party relationships.
• Completing comprehensive written evaluations of vendor provided documentation.
• Ensuring timely completion of oversight tasks in alignment with established requirements.
• Contributing to TPRM policy and procedure development, ensuring compliance with laws, regulations, and industry best practices.
• Providing regular progress reports.
  
  

Qualifications And Requirements

• Bachelor's degree in information technology or related field, or equivalent relevant work experience. Related professional certifications will also be considered.
• 3-5 years’ information security related experience, preferably in a financial institution setting.
• Excellent written and verbal communication skills including the ability to conduct thorough, documented research and present findings clearly and comprehensively.
• Strong analytical and critical thinking capabilities.
• Strong work ethic and ability to achieve individual results within a team environment.
• Ability to work independently and manage multiple concurrent tasks while meeting deadlines.
  
  

WORK ENVIRONMENT: We offer a hybrid schedule, with 3 days inoffice and 2 days remote after the initial 90-day period.

CFG Bank is an Equal Opportunity Employer. We provide equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, veteran status, or any other legally protected characteristic. We are committed to ensuring a diverse and inclusive workplace, and all employment decisions are based on merit, qualifications, and business needs. If you require accommodations during the application process, please contact Human Resources.