What are the responsibilities and job description for the IT Security Analyst position at Vomela Specialty Company?
Position Summary
We are seeking a detail-oriented and proactive IT Security Analyst with expertise in conducting and supporting internal and external audits. The ideal candidate will assist in managing security risks, developing and supporting organizational policies and standards related to IT security, conducting internal audits, and supporting the external SOC 2 audit. This role is essential in safeguarding the organization's information assets while ensuring alignment with industry best practices and audit frameworks.
Key Responsibilities
Audit Support and Compliance:
- Coordinate and facilitate internal and external IT security audits, including regulatory, financial, and operational audits.
- Prepare and maintain documentation and evidence to support audit requests and requirements.
- Collaborate with external auditors to ensure successful completion of security audits and assessments.
- Identify gaps or non-compliance issues discovered during audits and work with relevant teams to implement corrective actions.
- Monitor compliance with frameworks such as ISO 27001, SOC 2, GDPR, HIPAA, or other applicable standards.
- Assist in the development of corporate policies and procedures.
Security Monitoring and Analysis:
- Conduct periodic security assessments and vulnerability scans to identify risks.
- Analyze security threats, vulnerabilities, and incidents to recommend appropriate mitigation strategies.
- Assist in the development and enforcement of IT security policies, procedures, and standards.
Risk Management:
- Perform risk assessments to evaluate the potential impact of security issues on business operations.
- Develop and recommend security controls to mitigate identified risks.
- Maintain a risk register and track remediation efforts.
Documentation and Reporting:
- Create and maintain documentation for security policies, procedures, and audit evidence.
- Provide regular status reports to management on compliance, audit outcomes, and risk assessments.
- Develop training materials and conduct awareness sessions on IT security best practices.
Collaboration and Continuous Improvement:
- Partner with cross-functional teams, including IT, legal, HR, and business units, to ensure security compliance.
- Stay updated with the latest IT security trends, tools, and regulatory changes.
- Contribute to the continuous improvement of the organization’s security posture.
Qualifications and Requirements
Education:
- Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field (or equivalent work experience).
Experience:
- 3-5 years of experience in IT security, compliance, or auditing roles.
- Proven experience managing and supporting internal and external audits.
- Familiarity with audit frameworks and regulatory standards (e.g., ISO 27001, SOC 2, PCI DSS, NIST, HIPAA, GDPR).
Technical Skills:
- Understanding of IT systems, networking concepts, and security tools (e.g., firewalls, SIEM systems, endpoint protection).
- Proficiency with tools for vulnerability scanning, risk assessment, and compliance management.
- Experience with audit preparation and tools like GRC platforms.
Certifications (Preferred):
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- CompTIA Security+ or equivalent
Soft Skills:
- Strong analytical and problem-solving skills.
- Excellent communication skills, both written and verbal.
- Ability to work independently and collaboratively in a fast-paced environment.
- Detail-oriented with strong organizational and multitasking abilities.
We are an equal opportunity employer.