Cyber Assurance Control Testing Analyst

Remote Worker, United States


As a leading bank, SouthState has been providing financial solutions to individuals, families, and businesses for more than 100 years.

SouthState team members strive to create remarkable experiences while building meaningful and lasting relationships. We are proud to be a reflection of the communities we serve, and our team members share core values that make SouthState a great place to bank, and a great place to work.

SUMMARY/OBJECTIVES

The Cyber Assurance Control Testing Analyst is responsible for executing and assessing security controls to ensure compliance with regulatory requirements, internal policies, and industry best practices. This role will work closely with information technology, security, risk, audit, and business teams to identify gaps, recommend improvements, and enhance the Bank's overall security posture.

ESSENTIAL FUNCTIONS

Control Testing & Assessment

  • Conduct periodic security control testing to assess effectiveness and adherence to bank policies, regulatory requirements, and frameworks (e.g., NIST, ISO 27001, FFIEC, SOC 2).

  • Develop and execute control testing plans, documenting test procedures, results, and findings.

  • Perform risk-based assessments of security controls across different business functions and technology areas.

  • Identify control weaknesses, gaps, and areas for improvement, ensuring appropriate remediation plans are in place.

Governance & Compliance Monitoring

  • Support regulatory and internal audit engagements by providing evidence of control effectiveness.

  • Monitor compliance with security policies, standards, and procedures, escalating issues as needed.

  • Collaborate with first-line security teams to validate control implementations and ensure alignment with security governance requirements.

  • Assist in maintaining and updating security control frameworks to align with evolving risks and regulatory expectations.

Reporting & Documentation

  • Prepare detailed testing reports, dashboards, and risk assessments for senior management and security leadership.

  • Track remediation efforts, follow up on outstanding issues, and ensure timely closure of control deficiencies.

  • Maintain comprehensive documentation of control testing processes, findings, and recommendations.

Stakeholder Collaboration & Advisory

  • Work closely with IT, security, risk management, compliance, and audit teams to align control testing with business objectives.

  • Provide advisory support to business units on security control requirements and best practices.

  • Participate in security governance meetings and contribute to continuous improvement initiatives.

Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions.

COMPETENCIES

  • 3+ years of experience in security control testing, IT audit, security governance, or risk management (preferably in the banking or financial sector).

  • Strong knowledge of security frameworks and regulatory requirements, including NIST CSF, ISO 27001, FFIEC, GLBA, SOC 2, PCI DSS.

  • Experience with GRC tools (e.g., Archer, ServiceNow, MetricStream) for control testing and reporting.

  • Detail-oriented with excellent analytical, problem-solving, and communication skills.

  • Ability to work independently, manage multiple priorities, and interact with cross-functional teams.

Qualifications, Education, and Certification Requirements

  • Education:

    • Bachelor’s degree in Information Security, Cybersecurity, Risk Management, Business, or a related field.

    • 3+ years of experience in security control testing, IT audit, security governance, or risk management (preferably in the banking or financial sector).

  • Certifications/Specific Knowledge:

    • Preferred Certifications: CISA, CISSP, CRISC, CISM, or equivalent.

WORK ENVIRONMENT

Telecommuting roles, whether hybrid or 100% full-time telecommuting, must have a secure home office environment that is free from background noise and distractions. They must also have a reliable private internet connection that is not supplied by cellular data (hot spot). Cable or fiber connections are preferred. Requirements are subject to change as new systems and technology are delivered.

TRAVEL

Travel may be required to come to meetings as needed.

Category: Analyst Jobs

Tags: Audits Banking CISA CISM CISSP Compliance CRISC FFIEC GLBA Governance ISO 27001 Monitoring NIST PCI DSS Risk assessment Risk management SOC SOC 2

Regions: Remote/Anywhere North America
Country: United States
