Information Security Analyst

Information Security Analyst Role Overview PrideStaff, a staffing agency in Bend, Oregon, is seeking a detail-oriented Information Security Analyst for a financial institution based in Bend, Oregon. This role monitors security tools, investigates threats, and ensures compliance with financial regulations. You will work closely with IT teams and third-party vendors to maintain a secure operating environment for the Central Oregon community. Core Responsibilities Actively monitor the organization's security stack, including SIEM, EDR, and network tools, focusing on initial investigation, triage, and incident response. Conducting regular scans, analyzing results, and coordinating with IT operations to ensure patching and remediation timelines are met. Provide security oversight during system implementations and technology upgrades, ensuring that security controls and configurations are embedded into new projects. Support regulatory compliance, preparing documentation for NCUA, FFIEC, and GLBA requirements and conducting third-party vendor security reviews. Manage security governance developing and maintaining information security policies, standards, and business continuity planning. Lead security awareness and training initiatives, including employee education, phishing simulations, and tracking training completion across the organization. Assist with other job-related duties as assigned. Key Performance Indicators Maintain 95% SLA for security alert reviews. Meet MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond) targets. Reduction in phishing click rates and high training completion scores. Qualifications & Skills 3-5 years of related experience in information security or high-level IT infrastructure. Bachelor's degree in a related field OR achievement of formal industry certifications recognized as equivalent. Familiarity with SIEM, EDR, IDS/IPS, and vulnerability scanners. Understanding of financial regulatory frameworks (FFIEC, GLBA) is highly preferred. CompTIA Security+, CySA+, CCSK, or CCSP preferred. Ability to communicate complex security concepts to both internal members and external vendors.