IT Security and Compliance Analyst

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Technology, or equivalent professional experience.
• 3+ years of experience in cybersecurity operations, compliance, vulnerability management, or audit support.
• Practical experience supporting incident response, vulnerability remediation, and audit evidence production.
• Strong understanding of information security controls and operational risk management.
• Ability to translate security findings into clear remediation actions.
• Strong documentation, analytical, and stakeholder communication skills.
• Comfortable operating in regulated, mission‑critical operational environments.

Nice To Haves

• Security or audit‑related certifications preferred (CISSP, CISM, CISA, Security+, SSCP).
• Experience working with third‑party service providers and regulated environments is desirable.

Responsibilities

• Monitor, analyze, and investigate security events using SIEM, EDR, email, cloud, and endpoint security tools.
• Coordinate incident response activities including containment, eradication, recovery, and post‑incident reviews.
• Maintain and improve incident response playbooks and track response metrics and corrective actions.
• Coordinate vulnerability scanning and validation across infrastructure, endpoint, cloud, and application environments.
• Prioritize vulnerabilities based on severity, asset criticality, and exploitability.
• Track remediation SLAs, exceptions, and risk acceptances; report status and trends to stakeholders.
• Support on‑premises and cloud identity platforms and secure authentication controls.
• Assist with joiner/mover/leaver processes, access reviews, and privileged access governance.
• Support enforcement of MFA, conditional access, and least‑privilege principles.
• Support internal and external audits including SOX ITGC, ISO 27001, NIST CSF, NIST 800-171, and contractual requirements.
• Maintain audit evidence, control documentation, and test artifacts.
• Support proactive control monitoring to reduce repeat audit findings.
• Assist with regulatory readiness including aviation‑specific security requirements (e.g., EASA Part‑IS).
• Support supplier security due diligence including questionnaires and review of SOC and ISO artifacts.
• Track vendor remediation actions and reassessment schedules for higher‑risk suppliers.
• Partner with Procurement and Legal to support security obligations in vendor contracts.
• Support IT emergency response, disaster recovery, and business continuity planning and exercises.
• Assist with security awareness initiatives and targeted training programs.

Benefits

• Bristow Group is an Equal Opportunity Employer, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
• Bristow Group provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, genetic information, or any other characteristic protected by federal, state, or local laws.
• Bristow Group is committed to ensuring equal employment opportunity, including providing reasonable accommodations to individuals with a disability.