Security Analyst Information Protection 2 - Cyber Security - Wheeling, WV

This position is hybrid. The employee is split between remote and office work on a formalized schedule. Consideration for location will be Bank Plaza - Wheeling, WV.

Bachelor's degree in Information Security, Cybersecurity, Computer Science, Information Systems, or a related field required.

Minimum 1 year of experience in Information Security, Cybersecurity, or a related discipline required.

SUMMARY:

The Security Analyst, Information Protection is responsible for implementing and maintaining data protection technologies such as Data Loss Prevention (DLP), data classification, labeling, Digital Rights Management (DRM), and other information protection solutions to safeguard organizational information. Works with technology teams and business units to understand data workflows, strengthen controls against data exfiltration, and ensure alignment with governance and regulatory requirements. The role also supports testing, evaluations, reporting, and other initiatives that enhance the organization's overall information protection posture.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Maintains and tunes enterprise DLP policies across email, endpoint, cloud, and network channels.

Administers and supports data classification and labeling frameworks to ensure proper handling of sensitive data (e.g., customer financial information, internal confidential, PII, PCI).

Manages and optimizes DRM solutions to enforce encryption, access restrictions, and secure collaboration.

Contributes to the design, deployment, and administration of cyber technologies and processes that reduce the risk of data compromise.

Assists with testing, validation, and quality assurance of data protection and data security solutions, ensuring proper functionality and alignment with requirements.

Supports ongoing efforts to strengthen existing controls that protect against data exfiltration and unauthorized data movement.

Maintains and updates regularly enterprise data inventory, ensuring accurate tracking of sensitive information across systems and business processes.

Partners with data management, data governance, and business units to ensure data protection controls align with policies, regulatory requirements, and secure data-handling procedures.

Collaborates with business units to understand data workflows and recommend improvements to reduce exposure.

Assists in root-cause analysis for data leakage events and recommend control improvements.

Participates in technology and software evaluations, assessing solutions based on data protection, endpoint risks, and security requirements.

Works closely with Cloud, Endpoint, and Identity teams to improve information protection posture.

Provides awareness training and guidance on secure data handling.

Supports ongoing and adhoc reporting related to data protection program performance, compliance, and risk indicators.

Contributes to various adhoc Data Protection initiatives, adapting to evolving business needs, regulatory changes, and emerging risk areas.

May handle other duties as assigned.

OTHER REQUIREMENTS:

Banking is a highly regulated industry and you will be expected to acquire and maintain a proficiency in the Bank's policies and procedures, and adhere to all laws, rules and regulations that are applicable to your conduct and the work you will be performing. You will also be expected to complete all assigned compliance training in a timely manner.

Strong understanding of security best practices, secure data handling, and foundational security principles (confidentiality, integrity, availability, least privilege, etc.).

Hands-on knowledge or experience with data protection technologies, such as data loss prevention, data classification/labeling, data rights management, encryption, or data discovery tools preferred.

Familiarity with common security and technology frameworks, such as NIST, CIS Controls, and Zero Trust principles.

Ability to analyze technical information, interpret security findings, and communicate effectively with technical and non-technical audiences.

Strong problem-solving, documentation, and organizational skills with the ability to support multiple initiatives simultaneously.

Security certifications such as Security+, CySA+, SSCP, or similar credentials, preferred.