IT Security Analyst II (Remote Eligible)

at  Busey Bank

POSITION SUMMARY

Information Security GRC Analysts gain exposure to a broad range of information security and operational functions of the overall organization. You’ll have a direct hand in developing policies, standards, and guidance for technology and business line partners, managing policy exceptions, and ensuring organizational alignment with policy expectations. Additionally, you’ll directly support annual compliance efforts through coordination with internal and external audit/assessor partners and will lead user attestations monitoring access to critical systems and applications in use by the organization.
You’ll assist in building data visualizations to present key risk metrics for board and executive committee review. You’ll be heavily involved with enterprise training and awareness activities, including the development of annual security trainings, phishing simulations, and ad-hoc training on emerging risks (i.e., generative AI).

KNOWLEDGE AND ABILITIES:

• Knowledge of one or more compliance standards, including Payment Card Industry (PCI), Gramm-Leach-Bliley Act (GLBA), Federal Financial Institutions Examination Council (FFIEC), Sarbanes-Oxley (SOX).
• Knowledge of one or more cybersecurity frameworks National Institute of Standards (NIST) or International Standards Organization (ISO).
• Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well.
• Self-starter requiring minimal supervision.
• Effective verbal and written communication skills, including presentation and data analysis capabilities.
• Excellence in communicating business risk and remediation requirements from assessments.
• Analytical and problem-solving mindset.
• Highly organized and efficient.
• Demonstrated effective decision-making skills.

EDUCATION AND TRAINING:

• 2-3+ years of relevant cybersecurity and/or IT experience.
• Bachelor’s degree or equivalent experience
• On-the-job training in relevant roles relating to information security, identity governance, and IT audit.
• Preferably, one of the following: CISA, Security+, CySA+, or CISM; or willingness to pursue a certification within the first six months of hire.
• Customer Service - Adheres to The Busey Promise service standards set by Service Plus (Busey’s service model) to anticipate and exceed the needs of our customers, both internal and external.
  Remote Eligible In: Illinois, Indiana, Missouri, Florida, Georgia, Iowa, Kentucky, Michigan, North Carolina, Ohio, South Dakota, Tennessee, Texas and Wisconsin

DUTIES & RESPONSIBILITIES:

• Ensure all regulatory and compliance requirements for security awareness are met.
• Create innovative security awareness campaigns and communications using solution provider tools.
• Create baseline foundational campaigns required for all employees, but also adapt and tailor campaigns to focus on role-specific requirements.
• Align security awareness program with the enterprise’s primary threats and measure the impact of training.
• Support identity access management governance, policies, and solutions across SSO, MFA, privileged accounts, etc.
• Document access, policies, and exceptions, and maintain integrity for audit reviews.
• Review internal, external, and contractor accounts as part of periodic user attestations.
• Conducting enterprise-wide risk assessments in tandem with Compliance and Risk Management that protect the business and adhere with compliance and privacy laws.
• Stay current with the evolving threat and regulatory landscapes.
• Develop and collect key performance indicators and related operational metrics to validate success as well as future areas of improvement.
• Complete other duties as assigned.