Information Security Analyst

Responsibilities:

Maintain and update security policies, controls, and procedures to reflect the firm’s security environment and technological changes.
Respond to client security assessments, complete questionnaires, and support adjustments based on assessment outcomes.
Track remediation actions, controls, and configuration changes to comply with security, legal, and audit standards, including those for SOC2, NIST 800-53, and ISO 27001.
Support risk assessment activities by identifying IT risks and contribute to the management of the firm’s risk register and metrics.
Help conduct internal audits of security practices, ensuring adherence to established policies and addressing findings with corrective measures.
Provide support to external auditors by supplying necessary documentation and insights into the firm’s security practices.
Assist in the development and delivery of security awareness training for employees and support the maintenance of the firm’s security training initiatives.
Report on the information security environment to senior management, including incidents, vulnerability response times, and ongoing risk assessments.
Investigate and analyze security events, effectively respond to phishing attempts, and assist in pinpointing root causes to develop and implement strategies for prevention of future incidents.
Stay informed about current and future security threats and technological developments that could influence the firm’s security posture.
Requirements
Degree in information systems or equivalent work experience are a plus but not required.
CGRC, SSCP,or equivalent certifications and/or experience are a plus but not required.
3+ years of experience in IT, data governance, or information security of data protection and privacy regulations, including GDPR, CCPA, and applicable regulations.