Information Security Analyst

Information Security Analyst

Department:
Information Technology

The Information Security Analyst is responsible for independently executing and supporting key components of MCPC’s security, risk, and compliance program. This role reviews the organization’s systems, facilities, processes, and departments to assess security posture and reduce risk across operations, systems, networks, data, and the endpoint lifecycle supply chain.

This position plays an active role in internal audits, policy development, risk management, access governance, and third-party risk management. The Information Security Analyst partners closely with IT, Operations, and business stakeholders and directly supports MCPC’s commitment to protecting client data and maintaining trust by ensuring the confidentiality, integrity, and availability of information assets and services.

• Security Operations &
  
  Risk Management:
  
  Identify, document, and assess security events, risks, and vulnerabilities, including defining remediation recommendations and tracking action plans to closure.
• Perform vulnerability and risk assessments and work with IT teams to drive remediation efforts, access reviews, and system hardening activities.
• Monitor security alerts and events, contributing to the ongoing tuning and improvement of DLP, SIEM, SOAR, and EDR detections.
• Evaluate emerging security threats and vulnerabilities and assess the effectiveness of existing security controls.
• Support secure adoption of new technologies, including Artificial Intelligence solutions, by identifying risks and recommending appropriate safeguards.
• Audits, Compliance & Policy:
  Plan and execute internal security audits of MCPC systems, processes, and facilities to identify control gaps, risks, and improvement opportunities.
• Draft, review, and maintain information security policies, standards, and procedures aligned with industry best practices and regulatory requirements.
• Act as a primary security point of contact for MCPC employees and external parties during audits, assessments, and security reviews.
• Monitor and report on compliance with security awareness initiatives, phishing simulations, and related training programs.
• Maintain and enhance MCPC’s risk register, including risk analysis, prioritization, mitigation strategies, and progress tracking.
• Vendor & Supply Chain
  
  Risk Management:
  
  Conduct security risk assessments for vendors and partners during onboarding and throughout the vendor lifecycle.
• Evaluate third-party security controls, documentation, and attestations to identify and document risk.
• Monitor vendors and partners for reported security incidents, events, and supply chain risks.
• Support vendor risk management activities related to endpoint lifecycle management, IT asset management (ITAM), and IT asset disposition (ITAD) services.
• Incident Response & Resilience:
  Maintain, document, and participate in testing of Incident Response, Disaster Recovery, and Business Continuity plans.
• Participate in security incident response activities, including investigation, coordination, documentation, and post-incident reviews.
• Provide recommendations to improve incident response readiness and operational resilience.
• Program & Administrative Support:
  Collaborate with internal departments to ensure security requirements are embedded into operational and business processes.
• Lead or contribute to security working sessions and document meeting agendas, decisions, and action items.
• Contribute to continuous improvement initiatives across the MCPC Security Program.
• Other tasks as assigned.

• The continuous improvement of MCPC’s Security Program.
• Be a member of a skilled, engaged, and forward-looking security team.
• Reduction in delta between vulnerability discovery and remediation.
• Measurable increase in items analyzed in MCPC’s risk register.

• 2–5 years of experience in Information Security, Risk Management, Compliance, Internal Audit, or Security Operations.
• Bachelor’s degree in Information Security, Information Technology, Computer Science, or a related field, or equivalent professional experience.
• Working knowledge of:
  • Entra  /…