Data Governance & Security Analyst

Who We Are

Thread Bank is a digital-first financial technology community bank that aims to enhance customer engagement through innovative solutions. Thread Bank offers a modern website, a CRM system, and a mobile app to simplify banking for businesses and individuals. Our embedded banking solution helps business technology platforms provide secure banking experiences. We also partner with other banks, credit unions, and FinTechs to integrate compliant financial solutions. Thread Bank values innovation, collaboration, and flexibility, offering excellent benefits and a family-friendly culture.

What We Are Looking For

Thread Bank seeks a Data Governance and Security Analyst to support the Information Security Officer in running day-to-day security operations and executing the Bank's data governance program. This is fundamentally a security-focused role. The ideal candidate is security-minded and sound in their judgment: they approach every task, including data governance work, through a security and risk lens.

The Analyst handles routine security work such as SIEM alert review, access reviews, and vulnerability tracking. The Analyst also supports the Bank's data governance program by maintaining data classification, retention, and access documentation across Snowflake, the core banking platform, and other systems of record. This is a hands-on operator role with direct mentorship from the Information Security Officer.

What You'll Do

Data Governance Support

• Maintain data classification documentation and data inventories across Snowflake, the core banking platform, and other systems of record
• Track data owners and stewards; keep ownership lists current as the organization changes
• Monitor adherence to retention policies and escalate exceptions
• Conduct and document periodic data governance assessments across bank systems, reviewing classification accuracy, access appropriateness, retention compliance, and data handling practices against policy
• Provide administrative support for the Data Governance Committee, including scheduling, agendas, minutes, and action item tracking
• Assist the data team with access control reviews and data quality reporting

Security Operations

• Monitor and triage alerts from Arctic Wolf SIEM; escalate issues to the ISO as needed
• Track vulnerability scan results and follow up with IT Operations on remediation
• Support incident response activities under the direction of the ISO, including evidence collection, documentation, and post-incident write-ups
• Assist with coordination of annual penetration testing and remediation tracking
• Help maintain security awareness training, phishing test campaigns, and related reporting

Identity and Access

• Perform quarterly user access reviews across Azure and Microsoft 365, AWS, Finxact, Snowflake, and other bank platforms
• Document review outcomes and track remediation of inappropriate access
• Support onboarding and offboarding checklists for IT access provisioning and deprovisioning

Compliance and Audit Support

• Collect and organize evidence for internal audits, external audits, and regulatory exams (GLBA, SOX, BSA/AML)
• Maintain control documentation and track remediation of audit findings
• Respond to auditor and examiner requests under the direction of the ISO

BCP/DR Support

• Support annual BCP/DR tabletop exercises, including scheduling, note-taking, and tracking action items to closure
• Maintain the Bank's BCP/DR documentation library

Third-Party Risk Management Support

• Support TPRM assessments by providing security and data governance input on vendors that handle bank data or connect to bank systems, including review of questionnaire responses, SOC 2 reports, and data handling practices
• Serve as the security and data governance point of contact for TPRM on vendor findings, remediation, and re-assessment cadence

Project and Initiative Support

• Serve as the security and data governance subject-matter expert on bank projects and initiatives, including new system implementations, vendor onboarding, data integrations, and business-line changes
• Review project designs and requirements for security and data handling implications; document risks, recommend controls, and track follow-through to go-live
• Represent the Information Security Officer in project meetings as needed, escalating material risks or policy questions back to the ISO

General

• Maintain clear documentation and runbooks for all recurring tasks
• Coordinate day-to-day with IT Operations, the data team, Compliance, and TPRM
• Perform additional responsibilities as assigned by the ISO or business needs

Location Requirement

Nashville Office-Based Position

Required Qualifications

• Bachelor's degree in Information Systems, Cybersecurity, Computer Science, Information Assurance, or a related field; equivalent work experience will be considered
• 2-4 years of experience in information security, IT audit, GRC, or a related role
• Working knowledge of common security concepts: access controls, vulnerability management, phishing, incident response basics
• Experience reviewing SIEM alerts, access reports, or audit logs
• Familiarity with at least one major cloud environment (Azure or AWS)
• General awareness of U.S. banking and financial services regulations (GLBA, SOX, BSA/AML)
• Strong written communication and documentation skills
• Organized, detail-oriented, and able to manage recurring tasks and deadlines without close supervision

Preferred Qualifications

• Prior experience at a community bank, credit union, fintech, or regulated financial institution
• Familiarity with Arctic Wolf or another managed SIEM service
• Exposure to Snowflake, Microsoft 365, or AWS administration
• Familiarity with data management frameworks such as DAMA-DMBOK, DCAM, or similar
• Familiarity with quantitative risk analysis frameworks such as Open FAIR or equivalent
• Exposure to data catalog, metadata, or data governance tooling such as DataHub, Collibra, Alation, Atlan, or Informatica
• Data governance or data management certifications (DAMA CDMP, ICCP CDP, DGSP, or IAPP CIPP/CIPM)
• Security certifications or progress toward them (Security+, SSCP, CDPSE, or CISA-in-training)

Employee must be able to perform essential functions of the position and, if requested, Thread Bank will make reasonable accommodations to enable employees with disabilities to perform the essential functions of their job, absent undue hardship, in accordance with the ADA.

Thread Bank is an Equal Opportunity Employer. Thread Bank does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need.

By submitting your application, you give Thread Bank permission to email, call, or text you using the contact details provided. We will only contact you with job-related information.