Analyst, Senior GRC Information Security Analyst

BANC OF CALIFORNIA AND YOUR CAREER

Banc of California, Inc. (NYSE: BANC) is a bank holding company headquartered in Los Angeles with one wholly-owned banking subsidiary, Banc of California (the “bank”). Banc of California is one of the nation’s premier relationship-based business banks focused on providing banking and treasury management services to small, middle-market, and venture-backed businesses. Banc of California offers a broad range of loan and deposit products and services, with full-service branches throughout California and Denver, Colorado, as well as full-stack payment processing solutions through its subsidiary, Deepstack Technologies. The bank is committed to its local communities by supporting organizations that provide financial literacy and job training, small business support, affordable housing, and more.

At Banc of California, our success is driven by our people, and we take pride in fostering an environment where everyone can reach their full potential. We embrace a culture of empowerment, progressive thinking, and entrepreneurial spirit, ensuring our team members have an opportunity to make an impact and play an important role in the future of Banc of California. Our core values – Entrepreneurialism, Operational Excellence, and Superior Analytics – empower us in creating a dynamic and inclusive workplace. We are committed to supporting your growth and well-being with comprehensive benefits, career development programs, a variety of employee resource groups, and more. TOGETHER WE WIN®

THE OPPORTUNITY

The Senior GRC Information Security Analyst role will be part of the Information Security Governance, Risk, & Compliance (GRC) team at Banc of California. The Information Security GRC team is responsible for the overall security posture of Banc of California by ensuring compliance with applicable regulations and contractual obligations and maintaining effective and efficient governance, risk, and compliance programs. In addition, the Information Security GRC team is directly involved with supporting and enabling Information Technology, Information Security compliance initiatives.

We seek a Senior GRC Information Security Analyst with extensive experience implementing, managing, and maturing compliance programs, including but not limited to SOC2, ISO27xxxx, GLBA, GDPR, and CCPA. The individual must possess a significant level of technical knowledge that allows for clear communication with security and technology stakeholders and the ability to provide actionable guidance and recommendations on processes.

As a member of the Information Security GRC team, this role will be instrumental in supporting the strategy of the GRC program in partnership with senior management. In addition to technical acumen, the role requires an individual who is results-oriented, pragmatic, and demonstrates effective problem-solving and communication skills. The Senior GRC Information Security Analyst often serves as the subject matter expert for colleagues and line-of-business managers, and experience with multiple technologies, compliance requirements and risk management methodologies are crucial . Performs all duties in accordance with the Company’s policies and procedures, all U.S. state and federal laws and regulations, wherein the Company operates.

HOW YOU’LL MAKE A DIFFERENCE

• Contribute to the development, management, and ongoing improvement of Information Security risk program, compliance initiatives, and overall security risk posture.


• Partner with senior management to design and implement maturity strategies and operations into the Information Security GRC team.


• Lead critical control activities with stakeholders across the business, quantifying risk, evaluating mitigations, and driving actions to measurably reduce risk.


• Conduct regular risk assessments to identify potential threats and vulnerabilities across the organization analyzing their impact and likelihood of occurrence.


• Generate reports on risk assessments, compliance status, and control effectiveness to communicate findings to stakeholders at various levels within the organization.


• Establish and contribute to risk and compliance activities with an eye toward continuous controls monitoring automation.


• Validate that information security requirements are built into architecture and new technology projects.


• Maintain Information Security risk register, report monthly to appropriately address key risk areas.


• Conduct technical security posture review for annual vendor monitoring and re-assessment processes for new and existing vendors.


• Provide support to the Information Security Incident Response team during cyber/privacy incidents.


• Support internal and external audits by providing documentation and supporting evidence of compliance.


• Support policies and procedures maintenance aligned with in-scope security frameworks, regulations, and internal standards to manage identified risk effectively.


• Prepare detailed reports for senior leadership, including KRI and KPI.


• Act as a mentor, advisory, and escalation point for team members and stakeholders.


• Treat people with respect; keep commitments; inspire the trust of others; work ethically and with integrity; uphold organizational values; accept responsibility for own actions.


• Demonstrates knowledge of and adherence to EEO policy; shows respect and sensitivity for cultural differences; educates others on the value of diversity; promotes working environment free of harassment of any type; builds a diverse workforce and supports affirmative action.


• Follows policies and procedures; completes tasks correctly and on time; supports the company’s goals and values.


• Performs the position safely, without endangering the health or safety to themselves or others and will be expected to report potentially unsafe conditions. The employee shall comply with occupational safety and health standards and all rules, regulations and orders issued pursuant to the OSHA Act of 1970, which are applicable to one’s own actions and conduct.


• Performs other duties and projects as assigned.

WHAT YOU’LL BRING

• Bachelor’s degree in information systems, engineering, business, risk management, or related field; and related certifications (e.g., CRISC, CISSP, CISS, CISM, CISA, Security+, CEH, GSEC).


• 5+ years of experience in GRC, security, risk management or related fields, particularly in highly regulated industries such as financial, professional services, or government, with expertise in navigating complex regulatory requirements.


• High technical knowledge across Cybersecurity domains, including Security Operations, Incident Response, Security Engineering, Cloud Security, Artificial Intelligence (AI), Data Security, Configuration Management, Log Generation, Security Risk Assessments/testing methodologies, Secure Software Development Lifecycle, evaluating the adequacy and efficiency of internal controls.


• Expert knowledge of GRC frameworks and regulations (e.g., PCI-DSS, GDPR, CCPA, GLBA, NIST, ISO 27001).


• Strong knowledge in OWASP, CIS and/or other security standards and secure configuration baselines.


• Experience developing and implementing GRC framework, policies and procedures.


• Excellent analytical skills with the ability to assess complex risks and develop effective mitigation security strategies.


• Proven ability to lead and manage projects, including coordinating cross-functional teams and delivering results on time.


• Ability to adapt to a fast-paced and dynamic environment, with a focus on continuous improvement and innovation.


• Ability to work on multiple GRC projects simultaneously.


• Excellent communication and interpersonal skills.

HOW WE’LL SUPPORT YOU

• Financial Security: You will be eligible to participate in the company’s 401k plan which includes a company match and immediate vesting.


• Health & Well-Being: We offer comprehensive insurance options including medical, dental, vision, AD&D, supplemental life, long-term disability, pre-tax Health Savings Account with employer contributions, and pre-tax Flexible Spending Account (FSA).


• Building & Supporting Your Family: Banc of California partners with providers that offer adoption, surrogacy, and fertility assistance as well as paid parental leave and family support solutions including care options for your family.


• Paid Time Away: Eligible team members receive paid vacation days, holidays, and volunteer time off.


• Career Growth Opportunities: To support career growth of our team members, we offer tuition reimbursement, an annual mentorship program, leadership development resources, access to LinkedIn Learning, and more.

SALARY RANGE

The base salary ultimately offered is determined through a review of education, industry experience, training, knowledge, skills, abilities of the applicant in alignment with market data and other factors.

Banc of California is an equal opportunity employer committed to creating a diverse workforce. All qualified applicants will receive consideration for employment without regard to age (40 and over), ancestry, color, religious creed (including religious dress and grooming practices), denial of Family and Medical Care Leave, disability (mental and physical) including HIV and AIDS, marital status, medical condition (cancer and genetic characteristics), genetic information, military and veteran status, national origin (including language use restrictions), race, sex (which includes pregnancy, childbirth, breastfeeding and medical conditions related to pregnancy, childbirth or breastfeeding), gender, gender identity, gender expression, and sexual orientation. If you require reasonable accommodation as part of the application process, please contact Talent Acquisition.