Are you ready to take your career to the next level? Regional strives to positively impact the financial lives of our customers.

For over 35 years, our Team Members have been passionate about supporting customers through their financial challenges in life. They take pleasure in finding solutions and lending a helping hand, both to our customers and our communities. As we continue to grow and become a national brand in consumer financing, we hope you’ll consider us for future career opportunities.

If you are looking to make a meaningful impact in people’s lives by bringing a personal touch to finances, join our team today!

The Security Analyst position acts as a security professional with the responsibility to assess, design, and implement security controls in the environment with regards to, but not limited to, access entitlements. This position also functions in a governance capacity by assessing existing entitlements and new entitlement requests for appropriateness via an analysis of application purpose and job functions. As such, this position requires skilled experience and knowledge of security best practices, technical capabilities, application design, business practices, regulatory requirements, and emerging threats. The Security Analyst position supports all business units of the organization. The Security team works in support of compliance and data security requirements for the organization. A Security analyst supports the larger security effort of the organization by focusing on Security identity access governance as part of the Security IAM team. This position ensures that adequate and effective security processes and controls are followed and aligned to deliver compliance with established security policies. The Security Analyst will participate in the detection and remediation of cyber risks and ensure appropriate controls reflect workable compromises as well as proactive response. Participation in on call activities, after hours response, and holiday coverage as needed is expected.

Duties and Responsibilities

• Utilizing your security training, monitor emerging threats respective of access control, assess applicability to the organization’s environment, and produce proactive remediation plans to mitigate the risk.
• Develop scripts, tools, and procedures to automate and scale scans, assessments, and other discovery activities.
• Assist other technical support staff in identifying and implementing appropriate security safeguards.
• Lead and assist with the implementation of security for new systems/projects with regards to entitlements.
• Independently coordinate daily tasks with team members to ensure proper coverage and response timelines.
• Develop security awareness and educate end users in appropriate access controls. Assist troubleshooting of access issues.
• Ownership of the business liaison role to assist other departments design and improve access controls.
• Lead identity discovery and remediation efforts during a cyber incident response.
• Participate in the use, development, testing, and health of identity access management automation applications.
• Responsible for analysis of new information systems to determine proper access controls. Test existing information systems for compliance with specifications. Document access controls for information systems.
• Assess appropriateness of and proper deployment of access entitlements for all employees, contractors, and vendors.
• Accurately modify user access to information systems after assessing and validating requests based on application purpose and user job functions.
• Review and ensure proper documentation, including necessary business approvals, accompany all requests.
• Responsible for the production, collaboration, and fulfillment of Quarterly User Reviews of all in-scope applications for SOX.
• Formulate and review role-based access for business entities.
• Create and maintain process documentation for the Security team.
• Periodically review controls and policies and makes recommendations for accuracy and improvements.
• Assist with internal and external audit activities and remediation requirements.
• Support data security, change management, disaster recovery, and compliance processes and initiatives.
• Monitor changes in regulatory requirements and ensure adequate entitlement controls exist.
• Updates job knowledge by participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
• Conduct interviews and provide assessments of potential job candidates.
• Process daily vendor requests in accordance with the Vendor Management Program.
• Assist with employee questions regarding Company’s Vendor Management and Licensing programs, policies, and procedures.
• Maintain vendor management system and functionality: responsible for adjustments and additions within the system for enhancements and upgrades.
• Responsible for executing and collecting evidence for all third-party risk management SOX controls.

Minimum Qualifications

• 3 to 5 years of experience is required
• Bachelors degree in a computer science related field or equivalent experience
• Active Information Security certification or ability to achieve within 6 months of hire (Security , SSCP, GSEC, etc.).
• Broad, in-depth, technical knowledge of application security principles and best practices
• Exceptional analytical skills, attention to detail, ability to prioritize, self-motivated, work under limited supervision
• Knowledge and experience with administering identity providers including AD, Azure AD, AWS IAM, etc.
• Demonstratable knowledge of a common scripting language such as Powershell, or Python

Preferred Qualifications

• Familiarity with NIST Cybersecurity framework.
• SOX and PCI experience preferred.
• Prior experience in highly regulated industry such as: banking, consumer finance, healthcare, or defense.

#LI-Remote

If you are a job applicant who resides in the state of California, please review our California Employee Privacy Policy at the following link: https://regionalfinance.com/wp-content/uploads/2022/11/UPDATED-Employee-Privacy-Policy-11.2022.pdf

Regional is an equal opportunity employer and does not discriminate on the basis of race, color, religion, creed, national origin, sex (including pregnancy, childbirth, and related medical conditions), sexual orientation, gender identity, transgender status, age, disability, genetic information, veteran status, uniform service, or any other characteristic protected by applicable law (“Protected Characteristics”). Regional’s policy of non-discrimination applies to all phases of the employment process and relationship, including, but not limited to, recruitment and selection; compensation and benefits; professional development and training; promotions and opportunities; transfers; social and recreational programs; layoff; and terminations.