Security Analyst

Title: Information Security Analyst

Office: Remote

Key Responsibilities:

• Review, assess, profile risks, and prioritize threats and vulnerabilities, ensuring effective tracking and remediation.
• Implement and maintain cybersecurity frameworks to ensure alignment with industry standards and regulatory requirements.
• Analyze contractual agreements to verify compliance with established security controls and frameworks.
• Conduct routine security assessments to confirm adherence to industry standards and regulatory guidelines.
• Provide security awareness training to employees, fostering a culture of security and compliance throughout the organization.
• Develop, update, and manage documentation, including security policies, procedures, and guidelines.
• Stay informed about the latest regulatory changes, industry trends, emerging security threats, and new technologies to proactively address risks.
• Prepare and present reports to senior leadership and stakeholders regarding information security activities, findings, and recommendations.
• Participate in the coordination of IT’s role in the Information Security Incident Response process, ensuring ownership and tracking of all security incidents from notification through resolution.
• Ensure compliance with technical security controls as outlined in Information Security Policies.
• Collaborate with Information Security and Risk Management to implement technical security controls supporting security initiatives.
• Assist with the vulnerability management program and advanced security monitoring to proactively detect and prevent security threats.

Required Qualifications:

• Proven experience in supporting IT security operations.
• Familiarity with standards such as ISO 27001/27002, NIST CSF 2.0, HiTrust Common Security Framework, and HIPAA Privacy and Security Regulations.
• Proficiency with security tools like firewalls, IDS/IPS, email encryption, DLP, vulnerability scanning, penetration testing, anti-virus, and anti-spyware.
• Ability to communicate security risks in business terms and develop practical, risk-based strategies for risk mitigation.
• Knowledge of security frameworks and regulatory requirements (e.g., NIST, ISO 27001, CIS, SOX, GDPR, PCI-DSS).
• Strong expertise in Incident Analysis and Response, including incident tracking, root cause analysis, and implementing process improvements.
• Relevant certifications (e.g., CISSP, CISM, CISA, CRISC) are desirable.