Title: Information Security Analyst
Role Overview: The Information Security Analyst is a hands-on role within the Information Security function, partnering closely with IT and business stakeholders to ensure consistent, measurable delivery of security services. This position focuses on third-party risk management, security assessments, and the integration of security controls across enterprise and cloud-based systems.
The ideal candidate has a strong foundation in cybersecurity risk management, vendor security assessments, and core security concepts, and thrives in a fast-paced, highly collaborative environment with modern and emerging technologies.
Key Responsibilities
- Support a Technology Vendor Management and Third-Party Risk Management program, including vendor risk reviews, renewals, and ongoing monitoring
- Conduct vendor, product, and application security assessments, partnering with system owners to integrate security early in the project lifecycle
- Participate in risk reviews and assessments aligned to security and IT control frameworks (NIST CSF, CIS, ISO 27001, ITIL)
- Coordinate the implementation of core security integrations such as SSO, event logging, alerting, secrets management, and backup/recovery across internal and SaaS applications
- Partner with business teams to review workflows and recommend security process improvements
- Support the development and execution of data protection and risk mitigation initiatives
- Produce clear, written security assessments documenting vendor and application security posture
- Develop and deliver security metrics, dashboards, and reporting to measure control effectiveness
Required Qualifications
- 2–3 years of experience in Information Technology
- Minimum of 2 years of experience in cybersecurity risk management
- Experience conducting vendor due diligence and third-party security assessments
- Familiarity with security frameworks and standards such as NIST, ISO 27001, SOC, PCI-DSS, FedRAMP
- Experience coordinating technical security integrations across systems and applications
- Strong understanding of operating systems, servers, cloud applications, and infrastructure fundamentals
- Ability to analyze complex system architectures and identify security integration opportunities
- Bachelor’s or Master’s degree in a relevant field
Preferred Qualifications
- Experience with Third-Party Risk Management or GRC platforms (e.g., OneTrust, SIG, or similar tools)
- Familiarity with identity and access management concepts including SSO, SAML, Active Directory, Azure AD, and cloud IAM
- Experience with security logging and event management tools (e.g., SIEM platforms)
- Hands-on exposure to AWS and/or Azure cloud environments
- Experience producing operational security metrics and dashboards
Tools & Skills
- Strong cybersecurity fundamentals with a focus on risk, controls, and integrations
- Experience using productivity and project tracking tools (Microsoft Office, JIRA or similar)
- Strong written and verbal communication skills
Work Environment
Collaborative, service-oriented environment where teams support one another while maintaining ownership of individual responsibilities.