Information Security - Risk & Compliance Analyst

Job in Easton, Northampton County, Pennsylvania, 18042, USA
Listing for: Victaulic Co
Full Time position
Listed on 2026-06-14
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Consultant
Job Description

The Security Risk & Compliance Analyst supports the organization's global information security program by assisting in the identification, assessment, and management of information security risks and compliance demands across Victaulic's entire organization. This position plays an integral role in ensuring the company meets its obligations under domestic and international regulatory frameworks, including but not limited to NIST CSF, ISO 27001, CMMC and the EU's NIS2 Directive. The analyst will work closely with internal stakeholders, external auditors, and third-party vendors to support a culture of security awareness and continuous compliance improvement.

The ideal candidate for this role will have knowledge of, if not actual experience in, the processes of obtaining and maintaining compliance with security frameworks, as well as an understanding of industry-standard Information Technology auditing.

Responsibilities

Risk Assessment & Management

* Assist in conducting information security risk assessments across business units, systems, and processes in accordance with established methodologies.

* Document risk findings, assign risk ratings, and track remediation activities through the risk register.

* Support the development and maintenance of risk treatment plans in coordination with system owners and IT teams.

* Participate in annual and ad hoc enterprise risk reviews, contributing analysis and supporting materials.

Compliance & Framework Management

* Support compliance activities related to NIST Cybersecurity Framework (CSF), ISO/IEC 27001, CMMC (Cybersecurity Maturity Model Certification), and the EU NIS2 Directive.

* Conduct gap analyses against applicable frameworks and assist in developing remediation roadmaps.

* Maintain compliance documentation, including policies, procedures, control evidence, and assessment reports.

* Monitor regulatory changes and emerging framework updates; summarize implications for the security program.

Third-Party & Audit Management

* Coordinate and support third-party security audits and assessments, including scheduling, evidence collection, and stakeholder communication.

* Assist in managing vendor risk assessments for new and existing third-party vendors and suppliers.

* Track audit findings and corrective action plans, ensuring timely remediation and closure.

* Serve as a liaison between internal teams and external auditors during certification audits.

Policy, Documentation & Awareness

* Assist in drafting, reviewing, and updating information security policies, standards, and procedures.

* Support the delivery of security awareness training and phishing simulation programs.

* Maintain organized records of all compliance and risk management activities in the Governance, Risk & Compliance platform.

Collaboration & Reporting

* Collaborate with IT, Legal, Operations, and other business functions to integrate security requirements into business processes.

* Prepare regular status reports and metrics dashboards for management review.

* Contribute to the continuous improvement of the information security program by identifying process gaps and recommending enhancements.

Qualifications

Technical Experience

* Foundational understanding of information security principles, including confidentiality, integrity, and availability (CIA).

* Basic understanding of risk assessment methodologies and risk management concepts.

* Familiarity with third-party risk management and audit processes.

* Strong analytical and problem-solving skills with attention to detail.

* Capacity to understand legacy and modern technology and security controls, along with their respective risks.

* Working knowledge of technologies such as cloud computing, DevOps, and application security is required.

General Requirements

* Analytical Thinking - Applies structured reasoning to evaluate risk and compliance data objectively.

* Integrity & Accountability - Handles sensitive security information with discretion and professionalism.

* Communication - Clearly translates security requirements and findings for varied audiences across the organization.

* Continuous Learning - Proactively keeps pace with evolving security…