Analyst, Senior GRC Information Security Analyst

BANC OF CALIFORNIA AND YOUR CAREER

Banc of California, Inc. (NYSE : BANC) is a bank holding company headquartered in Los Angeles with one wholly-owned banking subsidiary, Banc of California (the “bank”). Banc of California is one of the nation’s premier relationship-based business banks focused on providing banking and treasury management services to small, middle-market, and venture-backed businesses. Banc of California offers a broad range of loan and deposit products and services, with full-service branches throughout California and Denver, Colorado, as well as full-stack payment processing solutions through its subsidiary, Deepstack Technologies. The bank is committed to its local communities by supporting organizations that provide financial literacy and job training, small business support, affordable housing, and more.

At Banc of California, our success is driven by our people, and we take pride in fostering an environment where everyone can reach their full potential. We embrace a culture of empowerment, progressive thinking, and entrepreneurial spirit, ensuring our team members have an opportunity to make an impact and play an important role in the future of Banc of California. Our core values – Entrepreneurialism, Operational Excellence, and Superior Analytics – empower us in creating a dynamic and inclusive workplace. We are committed to supporting your growth and well-being with comprehensive benefits, career development programs, a variety of employee resource groups, and more. TOGETHER WE WIN®

THE OPPORTUNITY

The Senior GRC Information Security Analyst role will be part of the Information Security Governance, Risk, & Compliance (GRC) team at Banc of California. The Information Security GRC team is responsible for the overall security posture of Banc of California by ensuring compliance with applicable regulations and contractual obligations and maintaining effective and efficient governance, risk, and compliance programs. In addition, the Information Security GRC team is directly involved with supporting and enabling Information Technology, Information Security compliance initiatives.

We seek a Senior GRC Information Security Analyst with extensive experience implementing, managing, and maturing compliance programs, including but not limited to SOC2, ISO27xxxx, GLBA, GDPR, and CCPA. The individual must possess a significant level of technical knowledge that allows for clear communication with security and technology stakeholders and the ability to provide actionable guidance and recommendations on processes.

As a member of the Information Security GRC team, this role will be instrumental in supporting the strategy of the GRC program in partnership with senior management. In addition to technical acumen, the role requires an individual who is results-oriented, pragmatic, and demonstrates effective problem-solving and communication skills. The Senior GRC Information Security Analyst often serves as the subject matter expert for colleagues and line-of-business managers, and experience with multiple technologies, compliance requirements and risk management methodologies are crucial . Performs all duties in accordance with the Company’s policies and procedures, all U.S. state and federal laws and regulations, wherein the Company operates.

HOW YOU’LL MAKE A DIFFERENCE

• Contribute to the development, management, and ongoing improvement of Information Security risk program, compliance initiatives, and overall security risk posture.
• Partner with senior management to design and implement maturity strategies and operations into the Information Security GRC team.
• Lead critical control activities with stakeholders across the business, quantifying risk, evaluating mitigations, and driving actions to measurably reduce risk.
• Conduct regular risk assessments to identify potential threats and vulnerabilities across the organization analyzing their impact and likelihood of occurrence.
• Generate reports on risk assessments, compliance status, and control effectiveness to communicate findings to stakeholders at various levels within the organization.
• Establish and contribute to risk and compliance activities with an eye toward continuous controls monitoring automation.
• Validate that information security requirements are built into architecture and new technology projects.
• Maintain Information Security risk register, report monthly to appropriately address key risk areas.
• Conduct technical security posture review for annual vendor monitoring and re-assessment processes for new and existing vendors.
• Provide support to the Information Security Incident Response team during cyber / privacy incidents.
• Support internal and external audits by providing documentation and supporting evidence of compliance.
• Support policies and procedures maintenance aligned with in-scope security frameworks, regulations, and internal standards to manage identified risk effectively.
• Prepare detailed reports for senior leadership, including KRI and KPI.
• Act as a mentor, advisory, and escalation point for team members and stakeholders.
• Treat people with respect; keep commitments; inspire the trust of others; work ethically and with integrity; uphold organizational values; accept responsibility for own actions.
• Demonstrates knowledge of and adherence to EEO policy; shows respect and sensitivity for cultural differences; educates others on the value of diversity; promotes working environment free of harassment of any type; builds a diverse workforce and supports affirmative action.
• Follows policies and procedures; completes tasks correctly and on time; supports the company’s goals and values.
• Performs the position safely, without endangering the health or safety to themselves or others and will be expected to report potentially unsafe conditions. The employee shall comply with occupational safety and health standards and all rules, regulations and orders issued pursuant to the OSHA Act of 1970, which are applicable to one’s own actions and conduct.
• Performs other duties and projects as assigned.

WHAT YOU’LL BRING

HOW WE’LL SUPPORT YOU

SALARY RANGE

The base salary ultimately offered is determined through a review of education, industry experience, training, knowledge, skills, abilities of the applicant in alignment with market data and other factors.

Banc of California is an equal opportunity employer committed to creating a diverse workforce. All qualified applicants will receive consideration for employment without regard to age (40 and over), ancestry, color, religious creed (including religious dress and grooming practices), denial of Family and Medical Care Leave, disability (mental and physical) including HIV and AIDS, marital status, medical condition (cancer and genetic characteristics), genetic information, military and veteran status, national origin (including language use restrictions), race, sex (which includes pregnancy, childbirth, breastfeeding and medical conditions related to pregnancy, childbirth or breastfeeding), gender, gender identity, gender expression, and sexual orientation. If you require reasonable accommodation as part of the application process, please contact Talent Acquisition.