More jobs:
Information Security Analyst; GRC & Operations
Job in
Las Vegas, Clark County, Nevada, 89105, USA
Listed on 2026-07-16
Listing for:
WHSmith
Full Time
position Listed on 2026-07-16
Job specializations:
-
IT/Tech
Cybersecurity, Information Security
Job Description & How to Apply Below
Information Security Analyst (GRC & Operations) - (SSC - 9090.1)
Location:
Support Center - Las Vegas, NV 89119 US (Primary)
Job Type: Full-time
Category:
Information Technology
- Secure the organization's systems and information assets by applying cybersecurity best practices and protecting against unauthorized access, modification, or destruction.
- Partner with end users and department leaders to identify security needs and embed appropriate controls across business units.
- Deploy, integrate, and configure new and existing security solutions in line with standard operating procedures.
- Serve as a Tier 1 responder for cybersecurity alerts and remediations — triage, contain, escalate, document, and investigate problematic or anomalous activity.
- Support vulnerability assessments and penetration testing and coordinate timely remediation of identified weaknesses.
- Administer periodic access reviews to enforce least privilege.
- Support the global cybersecurity compliance program, maintaining alignment with frameworks such as NIST CSF, CIS Controls, ISO 27001, and PCI DSS.
- Perform continuous control assessments, document evidence, identify gaps, and report findings to key stakeholders.
- Maintain the risk register, control catalog, and support policies, standards, and procedures; assist with internal/external audits, third-party risk reviews, and ongoing monitoring.
- Deliver corporate cybersecurity training — new-hire onboarding, annual refreshers, role-based training, and phishing simulations.
- Manage training and awareness metrics (completion rates, click/report rates, repeat offenders, behavioral trends), report results to leadership, and coordinate remedial training with HR, IT, and managers.
- Foster a culture of security consciousness across the organization.
Compensation: $62,000 - 80,000
Benefits- Excellent Medical, Dental & Vision Insurance, Life Insurance, Short & Long-Term Disability Insurance
- Competitive Compensation
- Exceptional Time-Off Benefits including FTO and Holidays
- Growth opportunities and opportunities for career development
- 401k with company match
- Employee Assistance Program
- Incredible Employee Discounts through our Discount Marketplace!
WHSmith North America is committed to employing a diverse workforce. Qualified applicants will receive consideration without regard to race, color, religion, sexual orientation, national origin/ancestry, age, gender identity, gender expression, military/veteran status, marital status, disability status or any other basis prohibited by law.
Qualifications- Education: Bachelor of Science in Cybersecurity or a related field, or equivalent hands‑on experience.
- Experience: 1–2 years of experience or internships in cybersecurity, IT, or GRC — or a strong academic background with relevant projects, certifications, or lab work.
- Frameworks & standards: Foundational understanding of common cybersecurity frameworks such as NIST CSF, CIS Controls, ISO 27001, or PCI DSS, and an interest in growing into continuous control assessments and compliance work.
- Security operations & EDR: Exposure to endpoint security or EDR tooling and a basic understanding of alert triage, escalation, and incident documentation; willingness to learn Tier 1 response workflows.
- Vulnerability & access management: Familiarity with vulnerability scanning concepts, remediation tracking, user access reviews, and least‑privilege principles.
- Risk, policy & audit: Awareness of risk management and policy concepts, with an interest in supporting control assessments, evidence collection, and audit activities.
- Security awareness & training: Interest in helping build and deliver cybersecurity awareness content (onboarding, annual, phishing simulations) and tracking basic training and phishing metrics.
- Communication: Clear written and verbal communication skills, with the ability to explain technical topics to non‑technical coworkers.
- People & soft skills: Approachable, collaborative, and customer‑service oriented — comfortable working across departments, building trusted relationships, and engaging users with patience and empathy (especially when coaching on phishing, training, or access topics). Strong teamwork, active listening, and a positive, professional demeanor.
- Mindset: Curious, detail‑oriented, and eager to learn — comfortable asking questions and growing into broader security and GRC responsibilities.
- Limited standing, walking, climbing, crouching, bending, pushing, or pulling
- Limited travel or overnight
- Occasional travel or overnight
- Frequent travel or overnight; including international
- Normal or corrected vision and hearing
- Can distinguish varying or specific colors, patterns, or materials
- Fluency in English is required for training, customer interactions, and ensuring compliance with company policies and procedures
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×