Information Security GRC Analyst

We are seeking a detail-oriented and organized Information Security GRC Analyst to support the governance, risk, and compliance functions of our Information Security Program. This role partners closely with the Information Security Officer (ISO) to ensure alignment with regulatory expectations, internal policies, and industry best practices. The ideal candidate will play a key role in maintaining a strong, audit-ready security posture through effective risk management, documentation, and program oversight. Candidates must currently reside in the state of Maine. We are not considering out-of-state applicants for this position. This fulltime position offers competitive pay, time off, benefits and a bonus plan. Opportunities for personal growth and professional development. And yes, a real opportunity to make a difference in the place where you live. We are proud to be on the 2025 list of Best Places to Work in Maine. Qualifications & Experience High school diploma or GED Experience in information security, IT, audit, compliance, or a related field preferred Banking or financial services experience preferred Key Responsibilities This role may include, but is not limited to: Coordinate enterprise security risk assessments and maintain the risk register, ensuring risks are properly identified, assessed, and tracked Manage third-party and vendor cybersecurity risk management activities Coordinate regulatory examinations, internal audits, and external security assessments Track and follow up on remediation efforts related to audit findings, risk mitigation plans, and security issues Maintain and update security policies, procedures, and program documentation Support the development and ongoing maintenance of the Business Continuity Program Coordinate Business Impact Analysis (BIA) activities and maintain continuity plans Assist with disaster recovery testing, including scheduling, documentation, and tracking of results Support the organization's security awareness and training initiatives Maintain organized, audit-ready documentation and evidence for regulatory compliance Perform additional duties in support of the Information Security and Risk Management Program Key Skills & Competencies Strong written and verbal communication skills Excellent organizational skills and attention to detail Proven ability to manage time effectively and handle multiple priorities Ability to work independently while collaborating across teams Analytical mindset with a focus on process improvement and risk awareness