Information Security – Risk & Compliance Analyst

About The Position

Requirements

• Foundational understanding of information security principles, including confidentiality, integrity, and availability (CIA).
• Basic understanding of risk assessment methodologies and risk management concepts.
• Familiarity with third-party risk management and audit processes.
• Strong analytical and problem-solving skills with attention to detail.
• Capacity to understand legacy and progressive technology and security controls along with respective risk.
• Working knowledge of technologies such as cloud computing, DevOps, and application security is required.
• Analytical Thinking – applies structured reasoning to evaluate risk and compliance data objectively
• Integrity & Accountability – Handles sensitive security information with discretion and professionalism.
• Communication – Clearly translates security requirements and findings for varied audiences across the organization
• Continuous Learning – Proactively keeps pace with evolving security frameworks, threats, and regulatory requirements
• Collaboration – Builds effective working relationships across IT, operations, and business functions globally
• Detail Orientation – Produces thorough, accurate documentation and maintains meticulous records of compliance activities
• 0 – 2 years’ experience in information security, IT audit, risk management, or a related field.
• Bachelor’s degree, cybersecurity certification, or equivalent experience in an information security or related field.
• A minimum of an entry-level certification such as the CompTIA Security+ certification

Nice To Haves

• Additional Risk & Compliance certification(s), such as CISA, a plus

Responsibilities

• Assist in conducting information security risk assessments across business units, systems, and processes in accordance with established methodologies.
• Document risk findings, assign risk ratings, and track remediation activities through the risk register.
• Support the development and maintenance of risk treatment plans in coordination with system owners and IT teams.
• Participate in annual and ad hoc enterprise risk reviews, contributing analysis and supporting materials.
• Support compliance activities related to NIST Cybersecurity Framework (CSF), ISO/IEC 27001, CMMC (Cybersecurity Maturity Model Certification), and the EU NIS2 Directive.
• Conduct gap analyses against applicable frameworks and assist in developing remediation roadmaps.
• Maintain compliance documentation, including policies, procedures, control evidence, and assessment reports.
• Monitor regulatory changes and emerging framework updates; summarize implications for the security program.
• Coordinate and support third-party security audits and assessments, including scheduling, evidence collection, and stakeholder communication.
• Assist in managing vendor risk assessments for new and existing third-party vendors and suppliers.
• Track audit findings and corrective action plans, ensuring timely remediation and closure.
• Serve as a liaison between internal teams and external auditors during certification audits.
• Assist in drafting, reviewing, and updating information security policies, standards, and procedures.
• Support the delivery of security awareness training and phishing simulation programs.
• Maintain organized records of all compliance and risk management activities in the Governance, Risk & Compliance platform.
• Collaborate with IT, Legal, Operations, and other business functions to integrate security requirements into business processes.
• Prepare regular status reports and metrics dashboards for management review.
• Contribute to the continuous improvement of the information security program by identifying process gaps and recommending enhancements.

Benefits

• Victaulic is an Equal Employment Opportunity (EOE/M/F/Vets/Disabled) employer and welcomes all qualified applicants.
• Applicants will receive fair and impartial consideration without regard to race, gender, color, religion, national origin, age, disability, veteran status, sexual orientation, genetic data, or other legally protected status.