Information Security Analyst

A global leader in commercial real estate loan services based in Charlotte, North Carolina, requires an Information Security Analyst to join a rapidly expanding team. This is a hybrid role spending 3 days per week in the office, with responsibility for protecting proprietary information and supporting adherence to company security policies. You will work to identify, assess, and remediate possible security risks in the company’s security systems, solutions, and programs while recommending specific measures that can improve the company’s overall security posture.

Key Responsibilities - Information Security Analyst

• Partner closely with our Security Operations Center as a Service (SOCaaS) on all relevant activities.
• Investigate anomalous activity, suspect actions, and possible security breaches.
• Complete the security component of the company’s third-party vendor assessment and monitoring program.
• Respond to security audit requests to include internal (TISP) as well as external audits (SOC 1/SOC 2, CSP).
• Assist with client information security audits and client security questionnaires.
• Coordinate vulnerability reviews to include vulnerability scans and PEN testing; address findings with the relevant department for full remediation and create reporting.
• Drive the Monthly Termination Review and semi-annual User Access Review (UAR).
• Support the Security Awareness Training (SAT) program to include coordinating ongoing user training and threat campaigns.
• Assist with overseeing any incidents and writing up incident reports.
• Review and research alerts received (DLP, Encryption) and recommend configuration/system change if relevant.
• Ensure the Incident Response Scenario (IRS) Playbooks are updated and tested annually.
• Coordinate the completion and reporting of quarterly Firewall Reviews and Unauthorized Device scans.
• Assist with periodic compliance reviews to ensure users are following security policies and procedures.
• Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and follow policies and audit requirements.
• Monitor effective completion of security patching for servers and user systems.
• Assess and partner with technical teams on Identity Access Management best practices.
• Provide insight into security controls for corporate technology projects.
• Provide input into the information security policies, standards, and procedures taking into consideration security risk.
• Stay up to date on security trends and recommend proactive changes to address evolving threats and risks to the organization or our clients.

Skills & Experience - Information Security Analyst

• 3-5 years of experience in Information Security (InfoSec) Risk fundamentals.
• Bachelor's degree in computer science/related field or comparable certification (CompTIA Security , CISM)
• Knowledge of security-based models, frameworks, and regulations (ISO, NIST, GLBA, AUB, EU Data Protection Regs, GDRP, CCPA)
• Knowledge of industry-standard hardware, software, and operating systems
• Experience with computer network penetration testing techniques and scanning tools
• Understanding of firewalls, Security Information Event Management (SIEM), patching, Single Sign On (SSO), Identity Access Management (IAM), Data Loss Prevention (DLP), Multi- Factor Authentication (MFA), and antivirus concepts
• Excellent written and verbal communication and presentation skills.
• Effective and creative problem-solving skills.
• Good reporting & analytical skills, preferably advanced in MS tools.

This is an outstanding Information Security Analyst opportunity with a forward-thinking company where ambitious professionals unite to explore, develop, and excel alongside peers who share a passion for curiosity and teamwork. For further information and to register your interest please send in your resume details to matt@auricoe.com for immediate review.