Information Security Analyst

About The Position

Requirements

• Associate's degree in a related field, or 4+ years of experience in IT, QA, Compliance, or Accounting
• Demonstrated strong technical writing ability
• Basic awareness of ISO/IEC 27001, PCI DSS, NIST SP800-53, SOC 1, and SOC 2 frameworks
• Familiarity with HIPAA/HITECH, GLBA, and CCPA regulatory requirements
• Awareness of security architecture principles, change management, disaster recovery, and business continuity concepts
• Ability to manage multiple priorities, work independently, and communicate effectively in a cross-functional environment

Nice To Haves

• Certifications not required, but interest in pursuing CISSP, CISA, CISM, CRISC, or CompTIA credentials is a plus.

Responsibilities

• Manage and review events, access levels, and scorecard metrics; respond to auditor questionnaires about the company's security posture
• Maintain the InfoSec program document lifecycle so documentation reflects current controls and risk mitigations
• Manage access tickets for new hires, changes, and revocations; keep the Profile Definition Matrix current
• Conduct monthly phishing tests, summarize results, and recommend risk-reduction actions
• Coordinate and document annual Business Continuity Plan table-top exercises for Operations Support and Accounting
• Participate in client audits end-to-end and drive remediation of IT and information security findings
• Audit Support-level vendors for compliance with the company's Vendor Management Program
• Participate in weekly email DLP quarantine monitoring rotation and partner with IT on firewall reviews
• Review weekly physical access swipes to secure areas and ensure ticket-based owner approval