Cyber Defense & Risk Analyst

About The Position

Requirements

• Working knowledge of common security controls and frameworks (e.g., NIST CSF, ISO 27001/27002, CIS Controls) and the ability to map technical issues to control requirements.
• Hands-on experience with at least two of the following areas: security monitoring (SIEM/MDR), incident response, vulnerability management, endpoint security (EDR), identity and access management, email security.
• Experience supporting audits and control testing (e.g., ITGC, internal audit, SOC report reviews), including evidence collection and remediation tracking.
• Ability to write clearly and maintain thorough documentation (risk statements, procedures, incident notes, and audit evidence narratives).
• Strong interpersonal and communication skills, including the ability to work effectively with both technical teams and business stakeholders.
• Aptitude and desire to leverage AI-enabled capabilities and automation to improve security outcomes (e.g., workflow automation, scripting, playbooks, and repeatable process improvement) while maintaining appropriate governance and data handling practices.
• 3-5 years of related job experience.
• Ability to manage multiple projects, work under pressure, and adapt to sudden changes in the work environment.
• Ability to work quickly and efficiently.
• Excellent verbal, written, people, and diplomacy skills are required.
• Experience of interpreting strategy and policy in order to set and deliver objectives.
• Proficient with Microsoft Office Suite.
• Strong customer service skills (friendly, courteous and helpful).
• Strong planning and organization skills are required.

Nice To Haves

• IT, Risk Management, Computer Science and Business Administration majors preferred.
• Certified Information Systems Auditor (CISA) - Information Systems Audit and Control Association (ISSACA)
• Certified Information Security manager (CISM) - International Information System Security Certification Consortium

Responsibilities

• Monitor, analyze, and validate security alerts using Veritiv’s security monitoring ecosystem (e.g., SIEM/MDR, endpoint security, identity protection, and email security tools).
• Investigate, triage, and respond to incidents (e.g., phishing, identity compromise, malware, suspicious network activity), coordinating with internal stakeholders and third-party providers as needed.
• Perform root cause analysis and support containment, eradication, and recovery activities; document incident details, actions taken, and lessons learned.
• Assist with technical security reviews of new or changing technologies (SaaS, cloud services, integrations, and vendors), identifying misconfigurations and recommending compensating controls.
• Partner with Internal Audit and control owners to support IT audit activities (e.g., evidence collection, walkthroughs, remediation validation, and closure of findings).
• Participate in third-party / vendor risk activities, including review of security documentation, questionnaires, and assessment results; help translate vendor technical risks into business impact and mitigation steps.
• Communicate complex technical topics clearly to non-technical stakeholders; produce concise written deliverables (incident summaries, risk write-ups, audit evidence narratives).
• Identify opportunities to automate and streamline GRC and security operations processes (e.g., alert triage, evidence collection, control testing support, reporting), including the responsible use of approved AI-enabled security capabilities to improve speed, consistency, and quality.

Benefits

• Engaging and inclusive culture with employee-led Employee Resource Groups, Veritiv Cultural Alliance, recognition platform, etc.
• Extensive training opportunities, professional development programs, career pathing, and mentorship opportunities.
• Collaborative atmosphere with our customers and suppliers to create healthier, safer and more sustainable communities through our responsible operations and innovative solutions.
• Healthcare benefits
• 401k
• paid time off
• tuition reimbursement
• 401k with match start date of hire
• parental bonding time
• annual Profit-Sharing Program