
Corporate Information Security Risk & Vulnerability Analyst

Job in Big Sky, Gallatin County, Montana, 59716, USA
Listing for: Make Choteau Home
Full Time position
Listed on 2026-05-23
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 34.14 USD Hourly
Job Description & How to Apply Below
Position: Corporate Information Security Risk & Vulnerability Analyst - Multiple Cities
Location: Big Sky


* This position is available out of Billings, Bozeman, Helena, and Missoula, MT

About The Role

The Risk and Vulnerability Analyst I supports the organization’s security risk and vulnerability management efforts. This role assists with identifying, analyzing, and tracking security vulnerabilities and risk exceptions, while contributing to the organization’s compliance with regulatory and industry frameworks such as GLBA, NIST, and CIS Critical Security Controls (CIS CSC). The Analyst I collaborates with IT teams, supports the CIS CSAT process, and helps maintain the vulnerability management program.

This position reports to the Risk and Vulnerability Manager and plays a key role in executing foundational tasks, conducting data analysis, and contributing to broader governance initiatives. This is a Corporate position which may be located in an available bank division across our nine-state footprint in AZ, CO, , MT, NV, TX, UT, WA, or WY. The entry rate for this position is $34.14 per hour (calculated for Kalispell, MT).

Duties and Responsibilities
  • Vulnerability Management Support – Assist in the scanning, identification, and tracking of vulnerabilities. Help analyze scan results, document findings, and follow up with IT teams to ensure timely remediation aligned with security policy and SLAs.
  • Risk Acceptance Support – Assist in the tracking and documentation of vulnerability and configuration exceptions, audit findings, and policy deviations. Verify false positives and assist in maintaining exception records through their lifecycle.
  • CIS CSAT Support – Assist in the administration of the CIS Critical Security Controls Self-Assessment Tool. Help gather evidence, track assessment progress, and support control improvement planning.
  • Security Risk & Compliance Support – Track remediation progress for open vulnerabilities, risk exceptions, and audit items. Work with the Risk and Vulnerability Manager to prepare status updates and monitor compliance timelines.
  • Metrics & Reporting – Maintain spreadsheets, dashboards, and other reporting tools to summarize key risk indicators (KRIs), scan results, and remediation trends. Assist with preparing reports for management review.
About You

We are looking for a candidate with strong analytical skills, a proactive attitude, and a solid understanding of vulnerability management and risk analysis.

Qualifications

Education
  • Required:
    High School Diploma / GED
  • Preferred:
    Bachelor’s Degree in Information Technology (preferably in Information Assurance or Information Security) or related field.
Experience
  • Required:
    1 year hands‑on experience with vulnerability scanning tools (e.g., Qualys, Tenable, Rapid7).
  • Required:
    1 year experience in supporting and executing tasks within a vulnerability management program, especially in financial or regulated industries.
  • Required:
    Beginner experience collaborating with IT teams to ensure timely patching of security vulnerabilities across diverse environments.
  • Required:
    Beginner experience working with regulatory compliance and security frameworks (e.g., CIS, NIST, ISO 27001).
  • Required:
    Beginner experience developing and presenting security reports, dashboards, and metrics to leadership and stakeholders.
  • Preferred: 1 year experience conducting security risk assessments and providing mitigation recommendations.
License/Certification
  • Required:
    One entry‑level certification such as CompTIA Security+ or GIAC Security Essentials (GSEC).
  • Preferred: GIAC Critical Controls Certification (GCCC). Other relevant advanced certifications such as CISSP, CISM, CISA, CRISC, or CGRC provide added value.
Required Skills and Abilities
  • Vulnerability Management & Risk Analysis:
    Proficiency with scanning tools, CVSS scoring, and remediation tracking.
  • Security Frameworks & Compliance:
    Knowledge of CIS Controls, NIST 800‑53, FFIEC, and regulatory requirements for financial institutions.
  • Patch & Remediation Coordination:
    Experience working with IT teams to implement security patches and mitigate risks.
  • Threat Intelligence & Risk Assessment:
    Ability to analyze emerging threats and prioritize vulnerabilities.
  • Reporting & Metrics:
    Strong skills in interpreting scan results, generating…