Security and Data Governance Analyst

Who We Are

Thread Bank is a digital‑first financial technology community bank that aims to enhance customer engagement through innovative solutions. Thread Bank offers a modern website, a CRM system, and a mobile app to simplify banking for businesses and individuals. Our embedded banking solution helps business technology platforms provide secure banking experiences. We also partner with other banks, credit unions, and Fin Techs to integrate compliant financial solutions.

Thread Bank values innovation, collaboration, and flexibility, offering excellent benefits and a family‑friendly culture.

Thread Bank seeks a Security and Data Governance Analyst to support the Information Security Officer in running day‑to‑day security operations and executing the Bank’s data governance program. This is fundamentally a security‑focused role. The Analyst handles routine security work such as SIEM alert review, access reviews, vulnerability tracking, and supports the Bank’s data governance program by maintaining data classification, retention, and access documentation across Snowflake, the core banking platform, and other systems of record.

• Monitor and triage alerts from Arctic Wolf SIEM; elevate issues to the ISO as needed
• Track vulnerability scan results and follow up with IT Operations on remediation
• Support incident response activities under the direction of the ISO, including evidence collection, documentation, and post‑incident write‑ups
• Assist with coordination of annual penetration testing and remediation tracking
• Help maintain security awareness training, phishing test campaigns, and related reporting

• Perform quarterly user access reviews across Azure, Microsoft 365, AWS, Finxact, Snowflake, and other bank platforms
• Document review outcomes and track remediation of inappropriate access
• Support onboarding and offboarding checklists for IT access provisioning and deprovisioning

• Maintain data classification documentation and data inventories across Snowflake, the core banking platform, and other systems of record
• Track data owners and stewards; keep ownership lists current as the organization changes
• Monitor adherence to retention policies and elevate exceptions
• Conduct and document periodic data governance assessments across bank systems, reviewing classification accuracy, access appropriateness, retention compliance, and data handling practices against policy
• Provide administrative support for the Data Governance Committee, including scheduling, agendas, minutes, and action item tracking
• Assist the data team with access control reviews and data quality reporting

• Collect and organize evidence for internal audits, external audits, and regulatory exams (GLBA, SOX, BSA/AML)
• Maintain control documentation and track remediation of audit findings
• Respond to auditor and examiner requests under the direction of the ISO

• Support annual BCP/DR tabletop exercises, including scheduling, note‑taking, and tracking action items to closure
• Maintain the Bank’s BCP/DR documentation library

• Support TPRM assessments by providing security and data governance input on vendors that handle bank data or connect to bank systems, including review of questionnaire responses, SOC 2 reports, and data handling practices
• Serve as the security and data governance point of contact for TPRM on vendor findings, remediation, and re‑assessment cadence

• Serve as the security and data governance subject‑matter expert on bank projects and initiatives, including new system implementations, vendor onboarding, data integrations, and business‑line changes
• Review project designs and requirements for security and data handling implications; document risks, recommend controls, and track follow‑through to go‑live
• Represent the Information Security Officer in project meetings as needed, escalating material risks or policy questions back to the ISO

• Maintain clear documentation and runbooks for all recurring tasks
• Coordinate day‑to‑day with IT Operations, the data team,…