Information Security Analyst POST NUMBER: 464906

Title: Information Security Analyst

Role Overview: The Information Security Analyst is a hands-on role within the Information Security function, partnering closely with IT and business stakeholders to ensure consistent, measurable delivery of security services. This position focuses on third-party risk management, security assessments, and the integration of security controls across enterprise and cloud-based systems.

The ideal candidate has a strong foundation in cybersecurity risk management, vendor security assessments, and core security concepts, and thrives in a fast-paced, highly collaborative environment with modern and emerging technologies.

Key Responsibilities

• Support a Technology Vendor Management and Third-Party Risk Management program, including vendor risk reviews, renewals, and ongoing monitoring

• Conduct vendor, product, and application security assessments, partnering with system owners to integrate security early in the project lifecycle

• Participate in risk reviews and assessments aligned to security and IT control frameworks (NIST CSF, CIS, ISO 27001, ITIL)

• Coordinate the implementation of core security integrations such as SSO, event logging, alerting, secrets management, and backup/recovery across internal and SaaS applications

• Partner with business teams to review workflows and recommend security process improvements

• Support the development and execution of data protection and risk mitigation initiatives

• Produce clear, written security assessments documenting vendor and application security posture

• Develop and deliver security metrics, dashboards, and reporting to measure control effectiveness

Required Qualifications

• 2–3 years of experience in Information Technology

• Minimum of 2 years of experience in cybersecurity risk management

• Experience conducting vendor due diligence and third-party security assessments

• Familiarity with security frameworks and standards such as NIST, ISO 27001, SOC, PCI-DSS, FedRAMP

• Experience coordinating technical security integrations across systems and applications

• Strong understanding of operating systems, servers, cloud applications, and infrastructure fundamentals

• Ability to analyze complex system architectures and identify security integration opportunities

• Bachelor’s or Master’s degree in a relevant field

Preferred Qualifications

• Experience with Third-Party Risk Management or GRC platforms (e.g., OneTrust, SIG, or similar tools)

• Familiarity with identity and access management concepts including SSO, SAML, Active Directory, Azure AD, and cloud IAM

• Experience with security logging and event management tools (e.g., SIEM platforms)

• Hands-on exposure to AWS and/or Azure cloud environments

• Experience producing operational security metrics and dashboards

Tools & Skills

• Strong cybersecurity fundamentals with a focus on risk, controls, and integrations

• Experience using productivity and project tracking tools (Microsoft Office, JIRA or similar)

• Strong written and verbal communication skills

Work Environment

Collaborative, service-oriented environment where teams support one another while maintaining ownership of individual responsibilities.