About The Role
Summary The Risk and Vulnerability Analyst I supports the organization's security risk and vulnerability management efforts. This role assists with identifying, analyzing, and tracking security vulnerabilities and risk exceptions, while contributing to the organization's compliance with regulatory and industry frameworks such as GLBA, NIST, and CIS Critical Security Controls (CIS CSC). The Analyst I collaborates with IT teams, supports the CIS CSAT process, and helps maintain the vulnerability management program. This position reports to the Risk and Vulnerability Manager and plays a key role in executing foundational tasks, conducting data analysis, and contributing to broader governance initiatives. This is a Corporate position which may be located in an available bank division across our nine-state footprint in AZ, CO, ID, MT, NV, TX, UT, WA, or WY. The entry rate for this position is $34.14 + / hour (calculated for Kalispell, MT). Click here to learn more about our bank divisions. All compensation offers are analyzed individually and take into consideration multiple factors including but not limited to geographic location, years of experience, and educational background. WA Applicants ONLY: Spokane, WA range $38.14 to 57.20 an hour. Wenatchee, WA $38.66 to $58.01 an hour. Duties and Responsibilities
- Vulnerability Management Support - Assist in the scanning, identification, and tracking of vulnerabilities. Help analyze scan results, document findings, and follow up with IT teams to ensure timely remediation aligned with security policy and SLAs.
- Risk Acceptance Support - Assist in the tracking and documentation of vulnerability and configuration exceptions, audit findings, and policy deviations. Verify false positives and assist in maintaining exception records through their lifecycle.
- CIS CSAT Support - Assist in the administration of the CIS Critical Security Controls Self-Assessment Tool. Help gather evidence, track assessment progress, and support control improvement planning.
- Security Risk & Compliance Support - Track remediation progress for open vulnerabilities, risk exceptions, and audit items. Work with the Risk and Vulnerability Manager to prepare status updates and monitor compliance timelines.
- Metrics & Reporting - Maintain spreadsheets, dashboards, and other reporting tools to summarize key risk indicators (KRIs), scan results, and remediation trends. Assist with preparing reports for management review.
About You
Qualifications
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. |
Education |
Required/Preferred |
Education Level |
Description |
Required |
High School Diploma / GED |
|
Preferred |
Bachelor's Degree |
Information Technology (preferably in Information Assurance or Information Security) or related field. |
|
|
Experience |
Required/Preferred |
Experience Level |
Description |
Required |
1 year |
Hands on experience with vulnerability scanning tools (e.g., Qualys, Tenable, Rapid7). |
Required |
1 year |
Experience in supporting and executing tasks within a vulnerability management program, particularly in financial or other regulated industries. |
Required |
Beginner Experience |
Experience collaborating with IT teams to ensure timely patching of security vulnerabilities across diverse environments. |
Required |
Beginner Experience |
Experience working with regulatory compliance and security frameworks (e.g., CIS, NIST, ISO 27001). |
Required |
Beginner Experience |
Experience developing and presenting security reports, dashboards, and metrics to leadership and stakeholders. |
Preferred |
1 year |
Experience conducting security risk assessments and providing mitigation recommendations. |
|
|
Would an equivalent combination of relevant education and work experience be considered?: Yes |
|
|
License/Certification |
Required/Preferred |
License/Certification |
Description |
Required |
Other Relevant Certification |
One entry-level certification such as: * CompTIA Security+ * GIAC Security Essentials (GSEC) Demonstrates foundational knowledge of security principles, terminology, and risk management. Validates readiness for entry-level security operations work. |
Preferred |
Other Relevant Certification |
* GIAC Critical Controls Certification (GCCC) Demonstrates a strong understanding of risk-based cybersecurity practices and skills to implement and execute the CIS Critical Controls recommended by the Center for Internet Security, and perform audits based on the standard. |
Preferred |
Other Relevant Certification |
One or more of the following advanced certifications: * CISSP (ISC2) * CISM (ISACA) * CISA (ISACA) * CRISC (ISACA) * CGRC (ISC2) Demonstrates advanced expertise in information security governance, risk management, auditing, compliance, and implementation of CIS Controls. |
|
|
Required Skills and Abilities |
- Vulnerability Management & Risk Analysis: Proficiency with scanning tools (e.g., Qualys, Nessus), CVSS scoring, TruRisk, QDS, and remediation tracking.
- Security Frameworks & Compliance: Knowledge of CIS Controls, NIST 800-53, FFIEC, and regulatory requirements for financial institutions.
- Patch & Remediation Coordination: Experience working with IT teams to implement security patches and mitigate risks.
- Threat Intelligence & Risk Assessment: Ability to analyze emerging threats, assess business impact, and prioritize vulnerabilities accordingly.
- Reporting & Metrics: Strong skills in interpreting scan results, generating executive reports, and tracking key risk indicators (KRIs).
- Cross-Team Collaboration: Work effectively with IT, development, compliance, and vendors to ensure vulnerabilities are addressed.
- Security Awareness & Training: Educate teams on secure configurations and vulnerability mitigation best practices.
- Policy & Procedure Development: Ability to draft and maintain security policies, standards, and guidelines.
- Project Management & Organization: Ability to track multiple remediation efforts, meet SLAs, and ensure timely risk resolution.
- Communication & Leadership: Clearly convey technical security risks to non-technical stakeholders and support continuous program improvements.
- Requires a proactive and analytical approach to security, working closely with technical teams to drive improvements in risk mitigation while ensuring compliance with internal policies and external regulations.
- Employee must be capable of regular, reliable, and timely attendance.
|
|
Additional Requirements |
Travel |
Occasional travel required: (less than 10 days per year) by automobile (as driver and passenger), commercial airlines, rental vehicles and public transportation and be able to lodge in public facilities. |
|
|
Working Conditions |
Environment: Indoors, a climate-controlled shared work area. |
Noise Level: Moderate noise; not extreme or excessive; within reasonable limits. |
Lifting: Sedentary work: Exerting up to 10 pounds of force occasionally and/or negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally and all other sedentary criteria are met. |
|
|
Vision |
Close visual acuity to prepare and analyze data and figures, view a computer terminal, and read the computer screen, printed materials, and handwritten materials. |
|
|
Physical Activities |
Frequency |
Balancing: Maintaining body equilibrium to prevent falling and walking, standing or crouching on narrow, slippery, or erratically moving surfaces. |
Infrequent - rare. |
Climbing: Ascending or descending ladders, stairs, scaffolding, ramps, poles and the like, using feet and legs and/or hands and arms. |
Infrequent - rare. |
Crawling: Moving about on hands and knees or hands and feet. |
Infrequent - rare. |
Crouching: Bending the body downward and forward by bending leg and spine. |
Infrequent - rare. |
Feeling: Perceiving attributes of objects such as size and shape, temperature or texture by touching with skin, particularly that of the fingertips. |
Infrequent - rare. |
Fingering: Picking, pinching, typing or otherwise working primarily with fingers rather than with the whole hand as in handling. |
Daily. |
Grasping: Applying pressure to an object with the fingers and palm. |
Infrequent - rare. |
Kneeling: Bending legs at knee to come to a rest on knee or knees. |
Infrequent - rare. |
Lifting: Raising objects from a lower to a higher position or moving objects horizontally from position to position. |
Infrequent - rare. |
Pushing: Using upper extremities to press against something with steady force in order to thrust forward, downward or outward. |
Infrequent - rare. |
Pulling: Using upper extremities to exert force in order to draw, haul or tug objects in a sustained motion. |
Infrequent - rare. |
Repetitive Motion: Making substantial movements (motions) of the wrists, hands, and/or fingers. |
Daily. |
Stooping: Bending body downward and forward by bending spine at the waist. |
Infrequent - rare. |
|
|
What We Offer
COMPENSATION & BENEFITS: Starting salary is dependent upon relevant experience and may vary based on the geographic location of the position. We offer an extensive benefits package that includes, but is not limited to medical, dental, vision, and life insurance. Coverage is available to employees and their eligible dependents in accordance with our written plan documents. You may also be eligible for a health savings account option, an Employee Assistance Program (EAP), a health rewards program, a retirement savings plan, including 401(k) and Profit-Sharing plans, short and long-term disability benefits, education and training benefits, and discounts on banking products and services. We also offer a generous Paid Time Off (PTO) plan and paid holidays. PTO accruals begin at .0745 per hour worked for our part time employees up to a maximum accrual of 240 hours per year for certain Full-Time employees. PTO accruals are dependent on position, status (Full time or Part time), and years of experience in accordance with our PTO policy. Most Full-Time employees are also offered 6 paid holidays and Part Time employees are offered pro-rated paid holidays. In addition, employees in Utah and Nevada may be eligible for pay for certain state recognized holidays. Visit our website for more details. Check it out! We are an Equal Opportunity Employer and qualified applicants, or employees will receive consideration for employment without regard to race, color, religion, national origin, sex (including pregnancy), sexual orientation, gender identity, mental or physical disability, genetic information, protected veteran status, or any other category protected by applicable federal, state, or local laws. Glacier Bancorp, Inc. does not sponsor applicants for work visas. All applicants must be legally authorized to work in the US. No Recruiters or unsolicited agency referrals please.
|
Glacier Bancorp
life insurance, paid time off, paid holidays, 401(k)
May 16, 2026