Senior Security Analyst

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology or equivalent subject area
• 5+ years of experience in information security, risk management, compliance, or related fields.
• Strong understanding of third-party risk management processes and frameworks.
• Familiarity with key security & privacy regulations, and risk management frameworks (e.g. CCPA, SOC 2, ISO 27001, NIST, CMMC).
• Knowledge of compliance regulations and standards.
• Experience with conducting security assessments, audits, and risk evaluations.
• Knowledge of security controls, risk mitigation strategies, and vendor management best practices.
• Excellent communication and interpersonal skills with the ability to convey complex technical information to both technical and non-technical stakeholders. The candidate should be able to “sell” ideas and processes internally at all levels.
• Strong analytical & problem-solving skills and detail-oriented attention to detail-to be able to analyze complex situations, identify root causes, and develop solutions.
• Ability to work independently, manage multiple projects, and meet deadlines in a fast-paced environment.
• Effective influencing and negotiation skills in complex environments where resources required for success may not be in direct control of this role.
• Demonstrated presentation skills and credibility to win support and align the organization.

Responsibilities

• Assess and manage contractual and regulatory obligations in accordance with company policies, industry standards, and regulatory requirements (e.g. SOC 2, ISO 27001, NIST CSF, NIST 800-171, CMMC, etc.).
• Manage security standards, policies, and practices on an annual basis to make sure they meet company demands.
• Assist the Business in responding to inquiries from customers about Security controls and compliance.
• Look for improvement and offer insightful advice and value-added guidance on process and control enhancements.
• Conduct comprehensive risk assessments of third-party vendors, partners, and service providers to evaluate security posture, compliance status, and risk exposure.
• Collaborate with cross-functional teams, including Legal, IT, and Procurement, to establish risk management strategies for third-party relationships.
• Maintain processes for third-party security evaluations, onboarding, and ongoing risk monitoring.
• Manage the lifecycle of third-party risk management, from initial assessment to contract negotiations and continuous monitoring.
• Work with vendors and internal teams to ensure that appropriate remediation plans are put in place for identified risks.
• Prepare regular reports on third-party risk and compliance status for senior management and relevant stakeholders.
• Stay up-to-date with the latest trends and best practices in third-party risk management, cybersecurity, and regulatory compliance.
• Respond to information security incidents, perform root cause analysis, and lead incidents and problems to resolution.
• Work with other technical staff to execute information security initiatives and projects.
• Monitor information security systems for risk events and manage discovered vulnerabilities to acceptable remediations.

Benefits

• Medical and prescription drug plans that includes no additional cost vision coverage
• Dental plan
• 401k retirement plan with a generous Mortenson match
• Paid time off, holidays, and other paid leaves
• Employer paid Life, AD&D, and disability insurance
• No-Cost mental health tool and concierge with extensive work-life resources
• Tuition reimbursement
• Adoption Assistance
• Gym Membership Discount Program