Security Analyst

About The Position

Requirements

• A Bachelor's degree in a related field or equivalent professional experience.
• 5+ years of experience in IT security risk management, a security operations center (SOC), or system administration.
• 3+ years of experience assessing security controls, processes, and vulnerabilities, regulatory and legal changes, and security standards that may impact the security of systems or data.
• Hands-on experience with Governance, Risk, and Compliance (GRC) tools.
• Experience with identity and access management for both on-premise and cloud (Azure, AWS) environments.
• Excellent communication skills, with the ability to explain technical concepts to different audiences.
• Ability to adapt and thrive in a dynamic work environment.

Nice To Haves

• Certifications like CISSP, CRISC, or CISA are a plus.

Responsibilities

• Risk Assessment & Analysis Conduct risk and security assessments of applications, databases, servers, and network hardware to identify, evaluate, and prioritize risks.
• Assess potential risks and vulnerabilities to establish security baselines and assist with deviation responses.
• Perform risk assessments against compliance standards (HIPAA, PCI) and security frameworks (NIST, CIS, ISO 27001).
• Evaluate emerging technologies to determine how they fit within our security architecture.
• Review security controls before hardware or software is moved to production.
• Work with business units to review vendor security and ensure compliance with all regulations and requirements.
• Remediation & Incident Response Provide actionable recommendations to mitigate vulnerabilities and strengthen our security posture.
• Develop and execute remediation plans for identified issues, risks, or vulnerabilities.
• Analyze, assess, and track security incidents.
• Develop and maintain standard procedures for responding to identified threats.
• Monitor system activities and events to detect, classify, and respond quickly to threats.
• Work with the information security team to support incident escalation and remediation.
• Governance & Strategy Advise on security architecture for new and existing systems, ensuring alignment with best practices and company policies.
• Oversee access control risk management, including auditing controls and recommending improvements.
• Develop and maintain risk registers and other risk management documentation.
• Monitor and report on the effectiveness of risk mitigation strategies.
• Support the development and testing of disaster recovery and business continuity plans.
• Develop and support the achievement of strategic security objectives.
• Collaboration & Awareness Collaborate with IT teams to solve information security issues in a timely manner.
• Participate in annual security audits, incident response exercises, and compliance reporting.
• Oversee the security awareness program, including phishing campaigns, training, and compliance tracking.