Derived from job-description analysis by Serendipath's career intelligence engine.
Original posting from Glacier Bancorp, Inc.
About The Role
Summary
The Risk and Vulnerability Analyst I supports the organization’s security risk and vulnerability management efforts. This role assists with identifying, analyzing, and tracking security vulnerabilities and risk exceptions, while contributing to the organization’s compliance with regulatory and industry frameworks such as GLBA, NIST, and CIS Critical Security Controls (CIS CSC). The Analyst I collaborates with IT teams, supports the CIS CSAT process, and helps maintain the vulnerability management program.
This position reports to the Risk and Vulnerability Manager and plays a key role in executing foundational tasks, conducting data analysis, and contributing to broader governance initiatives.
This is a Corporate position which may be located in an available bank division across our nine-state footprint in AZ, CO, ID, MT, NV, TX, UT, WA, or WY. The entry rate for this position is $34.14 + / hour (calculated for Kalispell, MT). Click here to learn more about our bank divisions.
All compensation offers are analyzed individually and take into consideration multiple factors including but not limited to geographic location, years of experience, and educational background.
WA Applicants ONLY:
Spokane, WA range $38.14 to 57.20 an hour.
Wenatchee, WA $38.66 to $58.01 an hour.
Duties and Responsibilities
- Vulnerability Management Support - Assist in the scanning, identification, and tracking of vulnerabilities. Help analyze scan results, document findings, and follow up with IT teams to ensure timely remediation aligned with security policy and SLAs.
- Risk Acceptance Support - Assist in the tracking and documentation of vulnerability and configuration exceptions, audit findings, and policy deviations. Verify false positives and assist in maintaining exception records through their lifecycle.
- CIS CSAT Support - Assist in the administration of the CIS Critical Security Controls Self-Assessment Tool. Help gather evidence, track assessment progress, and support control improvement planning.
- Security Risk & Compliance Support - Track remediation progress for open vulnerabilities, risk exceptions, and audit items. Work with the Risk and Vulnerability Manager to prepare status updates and monitor compliance timelines.
- Metrics & Reporting - Maintain spreadsheets, dashboards, and other reporting tools to summarize key risk indicators (KRIs), scan results, and remediation trends. Assist with preparing reports for management review.
About You
Qualifications
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Education
Required/Preferred
Education Level
Description
Required
High School Diploma / GED
Preferred
Bachelor’s Degree
Information Technology (preferably in Information Assurance or Information Security) or related field.
Experience
Required/Preferred
Experience Level
Description
Required
1 year
Hands on experience with vulnerability scanning tools (e.g., Qualys, Tenable, Rapid7).
Required
1 year
Experience in supporting and executing tasks within a vulnerability management program, particularly in financial or other regulated industries.
Required
Beginner Experience
Experience collaborating with IT teams to ensure timely patching of security vulnerabilities across diverse environments.
Required
Beginner Experience
Experience working with regulatory compliance and security frameworks (e.g., CIS, NIST, ISO 27001).
Required
Beginner Experience
Experience developing and presenting security reports, dashboards, and metrics to leadership and stakeholders.
Preferred
1 year
Experience conducting security risk assessments and providing mitigation recommendations.
Would an equivalent combination of relevant education and work experience be considered?: Yes
License/Certification
Required/Preferred
License/Certification
Description
Required
Other Relevant Certification
One entry-level certification such as:
- CompTIA Security+
- GIAC Security Essentials (GSEC)
Demonstrates foundational knowledge of security principles, terminology, and risk management. Validates readiness for entry-level security operations work.
Preferred
Other Relevant Certification
- GIAC Critical Controls Certification (GCCC)
Demonstrates a strong understanding of risk-based cybersecurity practices and skills to implement and execute the CIS Critical Controls recommended by the Center for Internet Security, and perform audits based on the standard.
Preferred
Other Relevant Certification
One or more of the following advanced certifications:
- CISSP (ISC2)
- CISM (ISACA)
- CISA (ISACA)
- CRISC (ISACA)
- CGRC (ISC2)
Demonstrates advanced expertise in information security governance, risk management, auditi
Source: Glacier Bancorp, Inc. careers