Data Governance & Security Analyst

DescriptionWho We AreThread Bank is a digital-first financial technology community bank that aims to enhance customer engagement through innovative solutions. Thread Bank offers a modern website, a CRM system, and a mobile app to simplify banking for businesses and individuals. Our embedded banking solution helps business technology platforms provide secure banking experiences. We also partner with other banks, credit unions, and FinTechs to integrate compliant financial solutions. Thread Bank values innovation, collaboration, and flexibility, offering excellent benefits and a family-friendly culture.What We Are Looking ForThread Bank seeks a Data Governance and Security Analyst to support the Information Security Officer in running day-to-day security operations and executing the Bank’s data governance program. This is fundamentally a security-focused role. The ideal candidate is security-minded and sound in their judgment: they approach every task, including data governance work, through a security and risk lens.The Analyst handles routine security work such as SIEM alert review, access reviews, and vulnerability tracking. The Analyst also supports the Bank’s data governance program by maintaining data classification, retention, and access documentation across Snowflake, the core banking platform, and other systems of record. This is a hands-on operator role with direct mentorship from the Information Security Officer.What You’ll DoData Governance SupportMaintain data classification documentation and data inventories across Snowflake, the core banking platform, and other systems of recordTrack data owners and stewards; keep ownership lists current as the organization changesMonitor adherence to retention policies and escalate exceptionsConduct and document periodic data governance assessments across bank systems, reviewing classification accuracy, access appropriateness, retention compliance, and data handling practices against policyProvide administrative support for the Data Governance Committee, including scheduling, agendas, minutes, and action item trackingAssist the data team with access control reviews and data quality reportingSecurity OperationsMonitor and triage alerts from Arctic Wolf SIEM; escalate issues to the ISO as neededTrack vulnerability scan results and follow up with IT Operations on remediationSupport incident response activities under the direction of the ISO, including evidence collection, documentation, and post-incident write-upsAssist with coordination of annual penetration testing and remediation trackingHelp maintain security awareness training, phishing test campaigns, and related reportingIdentity and AccessPerform quarterly user access reviews across Azure and Microsoft 365, AWS, Finxact, Snowflake, and other bank platformsDocument review outcomes and track remediation of inappropriate accessSupport onboarding and offboarding checklists for IT access provisioning and deprovisioningCompliance and Audit SupportCollect and organize evidence for internal audits, external audits, and regulatory exams (GLBA, SOX, BSA/AML)Maintain control documentation and track remediation of audit findingsRespond to auditor and examiner requests under the direction of the ISOBCP/DR SupportSupport annual BCP/DR tabletop exercises, including scheduling, note-taking, and tracking action items to closureMaintain the Bank’s BCP/DR documentation libraryThird-Party Risk Management SupportSupport TPRM assessments by providing security and data governance input on vendors that handle bank data or connect to bank systems, including review of questionnaire responses, SOC 2 reports, and data handling practicesServe as the security and data governance point of contact for TPRM on vendor findings, remediation, and re-assessment cadenceProject and Initiative SupportServe as the security and data governance subject-matter expert on bank projects and initiatives, including new system implementations, vendor onboarding, data integrations, and business-line changesReview project designs and requirements for security and data handling implications; document risks, recommend controls, and track follow-through to go-liveRepresent the Information Security Officer in project meetings as needed, escalating material risks or policy questions back to the ISOGeneralMaintain clear documentation and runbooks for all recurring tasksCoordinate day-to-day with IT Operations, the data team, Compliance, and TPRMPerform additional responsibilities as assigned by the ISO or business needsLocation RequirementNashville Office-Based PositionRequired QualificationsBachelor’s degree in Information Systems, Cybersecurity, Computer Science, Information Assurance, or a related field; equivalent work experience will be considered2–4 years of experience in information security, IT audit, GRC, or a related roleWorking knowledge of common security concepts: access controls, vulnerability management, phishing, incident response basicsExperience reviewing SIEM alerts, access reports, or audit logsFamiliarity with at least one major cloud environment (Azure or AWS)General awareness of U.S. banking and financial services regulations (GLBA, SOX, BSA/AML)Strong written communication and documentation skillsOrganized, detail-oriented, and able to manage recurring tasks and deadlines without close supervisionPreferred QualificationsPrior experience at a community bank, credit union, fintech, or regulated financial institutionFamiliarity with Arctic Wolf or another managed SIEM serviceExposure to Snowflake, Microsoft 365, or AWS administrationFamiliarity with data management frameworks such as DAMA-DMBOK, DCAM, or similarFamiliarity with quantitative risk analysis frameworks such as Open FAIR or equivalentExposure to data catalog, metadata, or data governance tooling such as DataHub, Collibra, Alation, Atlan, or InformaticaData governance or data management certifications (DAMA CDMP, ICCP CDP, DGSP, or IAPP CIPP/CIPM)Security certifications or progress toward them (Security+, SSCP, CDPSE, or CISA-in-training)Employee must be able to perform essential functions of the position and, if requested, Thread Bank will make reasonable accommodations to enable employees with disabilities to perform the essential functions of their job, absent undue hardship, in accordance with the ADA.Thread Bank is an Equal Opportunity Employer. Thread Bank does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need.By submitting your application, you give Thread Bank permission to email, call, or text you using the contact details provided. We will only contact you with job-related information.