Capital Bank, N.A.

Information Security - GRC/Privacy Analyst

Remote

United States

$140,000/year

Mid level

Full Time

07-10-2025

Skills

Communication, Unity, Penetration Testing, Incident Response, ServiceNow, Microsoft 365, Problem-solving, Effective Communication, Gap Analysis, Organization

Job Specifications

About Us

Capital Bank N.A. is headquartered in Maryland and has been serving our communities since 1999. We stand as a publicly traded company (NASDAQ: CBNK) with over $3 billion in assets. We offer commercial and consumer banking services to clients in Maryland, DC, and Northern Virginia, alongside two nation-wide lending brands: Capital Bank Home Loans and OpenSky, a credit card division that offers and services credit cards across all states. Our personalized approach to banking, paired with cutting-edge technology solutions and a comprehensive suite of products and services, fuels our growth and enables us to support our customers at every stage in their financial journey.

Come join a bank where our employees thrive and are engaged in meaningful work. For the last 5 out of 6 years, Capital Bank was named one of the "Best Banks to Work For" in the U.S. by American Banker.

Position Purpose

The GRC and Privacy Analyst plays a critical role in managing risks related to information technology, information security, privacy, regulatory compliance, and governance. This role ensures that the organization's operations and procedures meet government and industry compliance standards. The analyst will work closely with IT and business units to identify and mitigate security risks, maintain regulatory compliance, and protect digital assets.

Position Responsibilities

Conduct gap analysis and implement frameworks and standards such as CRI, PCI-DSS, GLBA, NIST, and SOX.
Develop and revise policies, standards, processes, and guidelines for the organization.
Conduct vendor risk assessments and ensure compliance with organizational security requirements.
Oversee data privacy practices and ensure alignment with regulatory requirements.
Support organizational compliance initiatives and the development of governance frameworks.
Monitor regulatory changes and promote ethical behavior across the organization.
Conduct regular security assessments and penetration testing.
Assist in the development and maintenance of identity and access management procedures.
Participate in incident response and business continuity planning.
Collaborate with cross-functional teams to integrate security controls into business processes.
Participate in employee education and awareness programs related to security and privacy.
Stay updated on emerging threats, vulnerabilities, and industry best practices.
Monitor network traffic and security logs to detect and analyze potential security threats, anomalies, and breaches. Utilize a centralized XDR system to identify and respond to unauthorized activities.
Collaborate with IT teams to prioritize and remediate vulnerabilities in a timely manner.
Participate in technical and non-technical projects requiring security oversight to ensure policies, procedures and standards are met.
Assist with investigation and response to security incidents. Coordinate with internal teams to mitigate the impact of security incidents and prevent future occurrences.
Participate in employee education events for employees to raise awareness of security threats and security best practice.
Participate in periodic IT/IS audits, exams and assessments, as
Perform other security-related duties as

Minimum Education And Experience

Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent experience).
Minimum of 3 years of experience in information security, privacy, or a related role, preferably in a regulated financial institution.
Relevant certification such as CISA, CISSP, CRISC, CompTIA Security+, or
Experience with GRC tools such as ServiceNow, Process Unity, AuditBoard, Tandem.
Knowledge of regulatory frameworks CRI, PCI-DSS, GLBA, NIST, SOX, Reg P.
Strong analytical and problem-solving skills with an ability to assess risks.
Knowledge of relevant security and compliance frameworks, standards, and
Ability to assist all levels of the organization with understanding security as it relates to their functional area.
Ability to work independently and in a team setting, and across external and internal stakeholder groups.

Technical Knowledge And Skills

Microsoft Office software suite (Word, Excel, PowerPoint, etc.)
Microsoft 365 Security and Compliance Centers
Knowledge of information security management standards and frameworks, such as PCI-DSS, ISO and NIST CSF

Proficiency in security tools and technologies, network protocols, and operating
Strong analytical and problem-solving skills with an ability to think critically and assess
Effective communication skills to collaborate with cross-functional teams and convey security-related information.
Capable of working in a fast paced, dynamically changing and team-oriented
Ability to find innovative solutions while working with existing

Working Arrangements

This is a hybrid role expected to work in office Monday, Tuesday, Thursday, and Friday. You will be able to work remotely on Wednesday.
Open to remote candidate's depe

About the Company

Capital Bank N.A., headquartered in Rockville, Maryland, is a Maryland chartered commercial bank that offers commercial and consumer banking services to clients in the Washington D.C. metropolitan area, alongside two nation-wide lending brands: Capital Bank Home Loans, a mortgage division that lends in all 50 states, and OpenSky, a credit card division that offers and services credit cards across all states. Capital Bank focuses on merging digitally based products with personalized services. This enables our commercial sales t...