Information Security Analyst

Title:

Information Security Analyst

The Information Security Analyst is a hands‑on role within the Information Security function, partnering closely with IT and business stakeholders to ensure consistent, measurable delivery of security services. This position focuses on third‑party risk management, security assessments, and the integration of security controls across enterprise and cloud‑based systems.

The ideal candidate has a strong foundation in cybersecurity risk management, vendor security assessments, and core security concepts, and thrives in a fast‑paced, highly collaborative environment with modern and emerging technologies.

• Support a Technology Vendor Management and Third‑Party Risk Management program, including vendor risk reviews, renewals, and ongoing monitoring
• Conduct vendor, product, and application security assessments, partnering with system owners to integrate security early in the project lifecycle
• Participate in risk reviews and assessments aligned to security and IT control frameworks (NIST CSF, CIS, ISO 27001, ITIL)
• Coordinate the implementation of core security integrations such as SSO, event logging, alerting, secrets management, and backup/recovery across internal and SaaS applications
• Partner with business teams to review workflows and recommend security process improvements
• Support the development and execution of data protection and risk mitigation initiatives
• Produce clear, written security assessments documenting vendor and application security posture
• Develop and deliver security metrics, dashboards, and reporting to measure control effectiveness

• 2–3+ years of experience in Information Technology
• Minimum of 2 years of experience in cybersecurity risk management
• Experience conducting vendor due diligence and third‑party security assessments
• Familiarity with security frameworks and standards such as NIST, ISO 27001, SOC, PCI‑DSS, FedRAMP
• Experience coordinating technical security integrations across systems and applications
• Strong understanding of operating systems, servers, cloud applications, and infrastructure fundamentals
• Ability to analyze complex system architectures and identify security integration opportunities
• Bachelor’s or Master’s degree in a relevant field

• Experience with Third-Party Risk Management or GRC platforms (e.g., One Trust, SIG, or similar tools)
• Familiarity with identity and access management concepts including SSO, SAML, Active Directory, Azure AD, and cloud IAM
• Experience with security logging and event management tools (e.g., SIEM platforms)
• Hands‑on exposure to AWS and/or Azure cloud environments
• Experience producing operational security metrics and dashboards

• Strong cybersecurity fundamentals with a focus on risk, controls, and integrations
• Experience using productivity and project tracking tools (Microsoft Office, JIRA or similar)
• Strong written and verbal communication skills

Collaborative, service‑oriented environment where teams support one another while maintaining ownership of individual responsibilities.