Information Technology Security Analyst

IT Security Controls & Reporting Analyst

We are seeking a detail-oriented and experienced IT Security Controls & Reporting Analyst to join our IT Infrastructure and Security team.

The successful candidate will be responsible for engaging with client security audits, completing extensive cybersecurity questionnaires, leading third-party vendor assessments from a cybersecurity perspective, and maintaining technical documentation.

This role is vital in ensuring our firm’s compliance with security standards and maintaining the integrity of our IT systems.

Key Responsibilities

• Client Security Audits: Engage with client security audits and ensure all cybersecurity requirements are met. Complete extensive cybersecurity questionnaires accurately and in a timely manner.
• Vendor Assessments: In collaboration with the risk and compliance department, lead the cyber and information security assessments of third-party vendors, ensuring they meet our security standards.
• Policy: Develop and maintain security controls and policies to protect the firm’s IT infrastructure.
• Performance Monitoring: Monitor and report on the effectiveness of security controls and recommend improvements. Prepare and present security reports to management and clients.
• Collaboration: Work closely with internal teams to address security vulnerabilities and implement corrective actions.
• Documentation: Create and maintain detailed documentation regarding cybersecurity controls.
• Continuous Learning: Stay up to date with the latest cybersecurity trends, threats, and best practices.
• Security Awareness: Assist in the development and implementation of security awareness training programs for staff.
• Support incident response activities and investigations as needed.
• ISO 27001: Participate in the annual ISO 27001 certification process.

Skills, Knowledge, and Expertise

• Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field.
• 2-3 years of experience in IT security, with a focus on security controls and reporting.
• Experience with regulatory compliance and audit processes.
• Experience with security risk assessments and mitigation strategies.
• Knowledge of third-party vendor risk management and assessment.
• Strong understanding of cybersecurity principles, frameworks, and best practices.
• Familiarity with security standards and regulations (e.g., ISO 27001, GDPR, HIPAA).
• Strong understanding and knowledge of cloud security principles and best practices, data protection and encryption technologies, network security (including firewalls, IDS/IPS, and VPNs), and identity management.