Information Security Risk & Controls Analyst

At First Mid, base salary is one component of our Total Rewards program. Exact compensation is determined by factors such as (but not limited to) education, skills, internal equity, and experience. This position offers additional compensation in the form of discretionary short-term incentives (i.e. bonus, incentives, and/or commission). Benefits for this role include comprehensive healthcare, well-being benefits, paid family leave as well as generous paid time off.

Total Rewards also include banking perks, tuition reimbursement, an Employee Stock Purchase Plan, and a 401K plan with company match. Incentives and benefits are subject to eligibility requirements.

• Assist with user access reviews, including privileged account validation.
• Assist with SOX, GLBA, FFIEC, and OCC audits and exams by gathering and organizing evidence.
• Support monitoring of IT audit, regulatory, and penetration test findings to ensure timely remediation.
• Help maintain a software asset database and perform risk assessments on new IT assets, vendors, and system changes.
• Execute recurring monthly and quarterly second‑line validation monitoring of Information Security control activities.
• Maintain and update information security risk documentation.
• Assist with evidence gathering and validation of Information Security Risk Assessments, ensuring documentation is complete, accurate, and maintained for audit and regulatory review.
• Assist with the monitoring of antivirus, patch management, and vulnerability remediation tracking.
• Support the preparation of Key Risk Indicator (KRI) metrics and risk trend reporting for management and governance committees.
• Contribute to information security risk‑related communications and associate awareness efforts.
• Provide administrative support during incident response activities, including evidence collection, logging, and reporting.
• Assist with planning and documentation for the annual cybersecurity tabletop exercise.
• Participate in Enterprise Risk Management and IT governance discussions as directed by the Information Security Risk Officer.
• Collaborate with IT and other departments as needed to ensure seamless execution of second‑line validation responsibilities.
• Complete annual training associated with job functions.
• Perform other duties as assigned.

• Associate’s or Bachelor’s degree in Information Security, Risk Management, or a related field required.
• 1+ years of Information Security, IT Audit, or IT Risk Management experience required; banking or financial services experience a plus.
• Exposure to regulatory frameworks such as GLBA, FFIEC, NIST, or SOX preferred.
• Field‑related certification (e.g., Security+, CISA, or CySA+) a plus, or willingness to obtain in the future.

• Strong analytical and problem‑solving skills with close attention to detail.
• Ability to interpret and report on data trends and risk indicators.
• Familiarity with banking applications preferred.
• Strong proficiency in Microsoft Excel, including the ability to organize, analyze, and validate data using formulas, pivot tables, filters, and basic data analysis techniques.
• Ability to manage multiple tasks and meet deadlines in a fast‑paced regulatory environment.

• Competitive health, dental & vision coverage with HSA match
• 401(k) with employer match + Employee Stock Purchase Plan
• Generous PTO, paid holidays & parental leave
• Tuition reimbursement & performance‑based bonuses
• Visit our Total Rewards page to see our full list of benefits

First Mid Bancshares, Inc. is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, gender identity, sexual orientation, protected veteran status, or any other applicable federal or state‑protected classification.

THIS JOB DESCRIPTION DOES NOT CONSTITUTE A CONTRACT FOR EMPLOYMENT