Information Security Controls Analyst

About The Position

Requirements

• 3+ years in cybersecurity or IT practitioner roles.
• 2+ years in IT risk or controls analysis.
• Practical experience with risk management and IT control frameworks.
• Bachelor's degree preferred in Information Assurance, Computer Science, Engineering, or a related technical field.
• Strong understanding of risk frameworks (CRI, COSO, RMF, COBIT, NIST).
• Familiarity with regulatory standards (PCI, FFIEC, SOX, HIPAA, GDPR, CCPA, GLBA).
• Experience with CIS CSC, ISO 2700, or NIST CSF.
• Excellent written and verbal communication across all organizational levels.
• Strong organizational skills and ability to meet SLAs.
• Sound judgment and decision-making in complex scenarios.
• High integrity, trustworthiness, and adaptability.

Nice To Haves

• Certifications such as CISSP, CISA, CRISC, or CISM.
• Technical experience with enterprise networks, applications, and directory services.
• Familiarity with enterprise GRC platforms.

Responsibilities

• Review and document the adequacy of security and technology controls across business and IT environments.
• Evaluate control posture through interviews, documentation reviews, and workflow analysis.
• Recommend and support implementation of risk reduction strategies via policies, procedures, and technical controls.
• Partner with risk management and security leadership to align controls with organizational risk tolerance.
• Identify control strengths and weaknesses related to privacy, security, resiliency, and compliance.
• Document and advocate for control improvements that balance risk with operational efficiency.
• Support control development across testing, QA, and production environments.
• Present control effectiveness reports to senior risk leadership.
• Stay current on regulatory requirements, internal policies, and industry best practices.