Cyber Defense & Risk Analyst

Overview

HYBRID ROLE BASED OUT OF OUR ATLANTA OFFICE

Our Cyber Defense & Risk Analyst is responsible for strengthening Veritiv’s security posture through both cybersecurity operations and governance, risk, and compliance. This position partners closely with IT teams, Legal, Internal Audit, and third-party security providers to ensure risks are understood, prioritized, and reduced through practical and measurable actions.

• Monitor, analyze, and validate security alerts using Veritiv’s security monitoring ecosystem (e.g., SIEM/MDR, endpoint security, identity protection, and email security tools).
• Investigate, triage, and respond to incidents (e.g., phishing, identity compromise, malware, suspicious network activity), coordinating with internal stakeholders and third-party providers as needed.
• Perform root cause analysis and support containment, eradication, and recovery activities; document incident details, actions taken, and lessons learned.
• Assist with technical security reviews of new or changing technologies (SaaS, cloud services, integrations, and vendors), identifying misconfigurations and recommending compensating controls.
• Partner with Internal Audit and control owners to support IT audit activities (e.g., evidence collection, walkthroughs, remediation validation, and closure of findings).
• Participate in third-party / vendor risk activities, including review of security documentation, questionnaires, and assessment results; help translate vendor technical risks into business impact and mitigation steps.
• Communicate complex technical topics clearly to non-technical stakeholders; produce concise written deliverables (incident summaries, risk write-ups, audit evidence narratives).
• Identify opportunities to automate and streamline GRC and security operations processes (e.g., alert triage, evidence collection, control testing support, reporting), including the responsible use of approved AI-enabled security capabilities to improve speed, consistency, and quality.

• Working knowledge of common security controls and frameworks (e.g., NIST CSF, ISO 27001/27002, CIS Controls) and the ability to map technical issues to control requirements.
• Hands-on experience with at least two of the following areas: security monitoring (SIEM/MDR), incident response, vulnerability management, endpoint security (EDR), identity and access management, email security.
• Experience supporting audits and control testing (e.g., ITGC, internal audit, SOC report reviews), including evidence collection and remediation tracking.
• Ability to write clearly and maintain thorough documentation (risk statements, procedures, incident notes, and audit evidence narratives).
• Strong interpersonal and communication skills, including the ability to work effectively with both technical teams and business stakeholders.
• Aptitude and desire to leverage AI-enabled capabilities and automation to improve security outcomes (e.g., workflow automation, scripting, playbooks, and repeatable process improvement) while maintaining appropriate governance and data handling practices.
• IT, Risk Management, Computer Science and Business Administration majors preferred.

• 3-5 years of related job experience.
• Ability to manage multiple projects, work under pressure, and adapt to sudden changes in the work environment.
• Ability to work quickly and efficiently.
• Excellent verbal, written, people, and diplomacy skills are required.
• Experience of interpreting strategy and policy in order to set and deliver objectives.
• Proficient with Microsoft Office Suite.
• Strong customer service skills (friendly, courteous and helpful).
• Strong planning and organization skills are required.

• Bachelor's Degree Preferred
• CISSP - Certified Information Systems Security Professional
• CISA - Certified Information Systems Auditor