IT Compliance and Security Analyst
Listed on 2026-07-14
-
IT/Tech
Cybersecurity, Information Security
About Us
Company Overview
Foundation Building Materials (FBM) is a leading construction materials distribution company serving the commercial and residential construction markets across United States and Canada. In conjunction with Unified Door & Hardware Group (UDHG), a premier provider of commercial door, frame, and hardware solutions, FBM supports a broad range of construction and architectural projects nationwide.
Together, FBM and UDHG’s 8,000+ Team Members are committed to operational excellence, innovation, and employee development. By combining scale, specialty expertise, and a customer-first mindset, we deliver high-quality products and services to contractors, builders, and project teams across diverse markets. As the organization continues to grow and evolve following the recent acquisition by Lowe’s, we are investing in strong, forward-thinking talent to support our long-term success.
OverviewPosition Overview
The IT Compliance and Sec Analyst is responsible for supporting the day-to-day operational aspects of IT system security designs, policies, and solutions in partnership with Security Architects, Technical Operations, and Information Security leadership. This role participates in projects across business and IT teams and supports enterprise information security initiatives that protect company systems, networks, applications, and information assets while reducing organizational risk and maintaining compliance requirements.
Responsibilitiesand Qualifications Key Responsibilities
Information Security Operations & Risk Management
- Assess information security risks and facilitate remediation of identified vulnerabilities across the enterprise.
- Assess information risks and facilitate remediation of identified vulnerabilities affecting networks, systems, and applications.
- Monitor computer networks, systems, and cloud environments for security-related events and concerns.
- Prepare findings and recommendations for corrective actions related to identified security risks and vulnerabilities.
- Investigate and document security breaches and cybersecurity incidents.
- Facilitate and monitor risk remediation activities and report findings related to risk mitigation efforts.
- Perform vulnerability scans in partnership with Technical Operations teams and support remediation efforts.
- Support IT audits, IT risk assessments, and regulatory compliance activities.
- Perform assessments of the IT security and risk posture across networks, systems, software applications, and third‑party vendors as part of the Vendor Management Program.
- Support compliance initiatives related to PCI, SOC, and other applicable security requirements. Infrastructure Security & Technical Collaboration.
- Collaborate with Technical Operations teams to implement and maintain security measures designed to protect systems and information infrastructure.
- Support the implementation and operation of security technologies including firewalls and data encryption solutions.
- Participate in cross‑functional initiatives involving business and IT stakeholders to support enterprise information security objectives. Security Awareness & Continuous Improvement.
- Stay current on information security trends, standards, emerging threats, and industry developments.
- Develop company‑wide information security best practices and recommendations.
- Research security enhancements and provide recommendations to management.
- Support and administer the organization's Security Awareness Program.
- Perform other duties as assigned to support IT and corporate objectives.
- Experience in an information security related role with exposure to PCI, SOC compliance, risk assessments, and related security initiatives.
- Experience with networking security technologies and integrating security technologies into enterprise environments.
- Experience with computer network penetration testing, vulnerability testing, and related techniques.
- Experience identifying, mitigating, and communicating cloud, network, and system vulnerabilities and misconfigurations across Azure, AWS, and GCP environments.
- Experience…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).