Information Security Analyst

Responsibilities:

• Maintain and update security policies, controls, and procedures to reflect the firm’s security environment and technological changes.
• Respond to client security assessments, complete questionnaires, and support adjustments based on assessment outcomes.
• Track remediation actions, controls, and configuration changes to comply with security, legal, and audit standards, including those for SOC2, NIST 800-53, and ISO 27001.
• Support risk assessment activities by identifying IT risks and contribute to the management of the firm’s risk register and metrics.
• Help conduct internal audits of security practices, ensuring adherence to established policies and addressing findings with corrective measures.
• Provide support to external auditors by supplying necessary documentation and insights into the firm’s security practices.
• Assist in the development and delivery of security awareness training for employees and support the maintenance of the firm’s security training initiatives.
• Report on the information security environment to senior management, including incidents, vulnerability response times, and ongoing risk assessments.
• Investigate and analyze security events, effectively respond to phishing attempts, and assist in pinpointing root causes to develop and implement strategies for prevention of future incidents.
• Stay informed about current and future security threats and technological developments that could influence the firm’s security posture.

Requirements

• Degree in information systems or equivalent work experience are a plus but not required.
• CGRC, SSCP, or equivalent certifications and/or experience are a plus but not required.
• 3+ years of experience in IT, data governance, or information security of data protection and privacy regulations, including GDPR, CCPA, and applicable regulations.