Information Security Analyst-GRC LVL II

Smarter HR Solutions LLC, Houston, TX
46d, $56 - $58, Hybrid

About The Position

This Information Security Analyst - Governance, Risk & Compliance (GRC) Level II role will design and implement a scalable Cloud and Third-Party Cybersecurity Risk Management Framework aligned with NIST, ISO 27001, and other relevant standards.

Requirements

  • Develop and maintain risk assessment procedures and questionnaires tailored for cloud services and third-party applications.
  • Define security review workflows for vendor onboarding, contract renewals, and offboarding.
  • Integrate cybersecurity risk activities with procurement, legal, and enterprise architecture processes.
  • Conduct technical and compliance assessments focusing on: data classification and regulatory alignment (e.g., HIPAA, CJIS, PCI, GDPR); encryption standards and access controls.
  • Review vendor responses to security questionnaires and validate supporting documentation (e.g., SOC 2 reports, ISO certifications, penetration test results).
  • Analyze risks associated with APIs, SaaS integrations, homegrown plug-ins, and third-party application stores.
  • High School diploma, or G.E.D. equivalency from an accredited educational institution. - Required
  • Five (5) years of work experience in Information Security, Information Technology, Computer Science, IT Risk Management, or a related field.
  • Experience designing, implementing, and executing IT Risk Management projects, cloud solutions, cybersecurity governance, and technologies across complex, large-scale environments.
  • Ability to build and maintain strong relationships across departments/teams and effectively communicate information security risks and controls to stakeholders and leadership.
  • A passion for cybersecurity, a self-starter mentality, flexibility, willingness to take on new challenges, and the ability to thrive in a team environment.

Nice To Haves

  • Bachelor's degree in Computer Science, Information Security, Information Technology, Risk Management, or similar area of study from an accredited college or university. - Preferred

Responsibilities

  • Collaborate with internal stakeholders to define third-party cybersecurity roles and responsibilities.
  • Partner with legal and procurement teams to ensure contracts include appropriate security terms (e.g., data handling, breach notification, audit rights).
  • Provide security guidance to project teams evaluating or implementing cloud-based or externally hosted solutions.
  • Support the development of cloud security baselines and governance controls.
  • Recommend mitigation strategies and track remediation efforts.
  • Evaluate cloud service configurations (e.g., AWS, Azure, Google Cloud, SaaS platforms) for alignment with enterprise security policies and industry best practices.
  • Maintain and update a centralized inventory of critical cloud services and third-party vendors.
  • Develop and present risk dashboards and executive-level summaries to communicate risk posture and assessment outcomes.
  • Track security exceptions, risk acceptance approvals, and remediation timelines across third-party engagements.
  • Participate in governance forums such as the Cybersecurity Review Committee (CRC) and provide input on vendor-related risks.