Information Security Analyst

Protolabs, Maple Plain, MN
3d, Hybrid

About The Position

The Information Security Analyst – Compliance is responsible for supporting the organization’s security governance, risk, and compliance (GRC) activities. This role ensures adherence to regulatory, industry, and customer security requirements across multiple frameworks, including NIST, SOX, CMMC, ISO 27001, and PCI DSS. The analyst will work cross‑functionally to assess controls, manage evidence, perform risk assessments, and drive continuous improvement of the security compliance program.

Requirements

  • Bachelor’s Degree in Information Security, Information Technology, Computer Science, or equivalent practical experience
  • Formal schooling or experience deploying a broad set of cybersecurity technologies and programs including SOC, NAC, SIEM, CASB, PKI, IDS, IPS, PCI, ISO, DLP, UTM, UEBA, CEH, SSCP, and OWASP Top 10 / secure coding best practices
  • 3+ years of experience in information security across: security operations, vulnerability management, incident response, governance/risk/compliance, or cloud/application security
  • Strong analytical, documentation, and communication skills

Nice To Haves

  • Demonstrated knowledge and experience of cybersecurity frameworks including NIST, ISO 27001, CMMC, SOX ITGC, and PCI DSS
  • Experience with GRC platforms (e.g., FutureFeed, Cyturus)
  • Certifications such as Security+, CISA, CISM, ISO 27001 Lead Auditor/Implementer
  • Experience in regulated or manufacturing environments
  • Ability to manage multiple projects and priorities in parallel and work cross-functionally with engineering, IT, and audit
  • Experience with audits, risk assessments, and control testing
  • History of staying current in the cybersecurity field
  • Ability to be on call in the event of a security incident
  • Ability to travel 10% of the time

Responsibilities

  • Security Operations & Incident Response
  • Support, maintain, and enhance compliance programs aligned to NIST, SOX ITGC controls, CMMC, ISO 27001, and PCI DSS
  • Participate in readiness assessments, gap analyses, and control audits
  • Coordinate documentation, evidence collection, and control testing for audits and certifications
  • Governance, Risk & Policy Management
  • Contribute to creation, maintenance, and review of security policies, standards, and procedures
  • Conduct and document periodic risk assessments to identify security risks and support mitigation activities
  • Ensure documentation aligns with regulatory and framework requirements
  • Audit Support & Control Testing
  • Execute internal control testing, including design and operating effectiveness assessments
  • Partner with internal and external auditors for audit activities
  • Track remediation activities for compliance gaps and audit findings
  • Security Monitoring & Continuous Improvement
  • Monitor compliance control performance and identify improvement opportunities
  • Assist in developing metrics and dashboards for compliance and risk
  • Support third party vendor security reviews including compliance assessments
  • Prepare detailed reports on security breaches, including root cause analysis and recommendations for remediation
  • Cross Functional Collaboration
  • Work with IT, Legal, Finance, Engineering, and Operations on compliance obligations
  • Provide subject matter expertise on regulatory and security frameworks
  • Assist with onboarding and training employees on security compliance responsibilities
  • Training & Awareness
  • Develop, maintain and deliver security compliance training programs tailored to regulatory obligations
  • Promote awareness of security policies, standards, and compliance requirements across the organization
  • Collaborate with HR, IT and Communication teams to coordinate annual and ad-hoc training campaigns
  • Track and report on training completion, adoption and effectiveness to ensure organizational security awareness
  • Support continuous improvement of the security awareness program by analyzing trends, user behavior and any compliance gaps
  • Other duties as assigned

Benefits

  • Salary, Bonus, Long Term Incentives
  • Health Insurance: Traditional OR High Deductible plan
  • Flexible Spending Accounts
  • Health Savings Account (including employer contributions)
  • Dental & Vision
  • Basic and Supplemental Life Insurance
  • Short-Term & Long-Term Disability
  • Paid caregiver leave
  • PTO + Holiday Pay + Wellness Hours + Volunteer Hours
  • 401k with company match & immediate vest
  • Employee Stock Purchase Program at a 15% discounted rate
  • Matching grants through Protolabs foundation