Information Security Analyst

Position: Information Security Compliance Analyst

Location: FULLY REMOTE, working in EST

Duration: Permanent Direct Hire

Salary: $85,000-$90,000

Overview:

We are seeking a skilled and detail-oriented Information Security Compliance Analyst to ensure our organization meets regulatory and industry-specific cybersecurity requirements. The ideal candidate will have a strong understanding of cybersecurity frameworks and regulations, with experience implementing and maintaining compliance programs. This role is critical in protecting the organization's systems and data while fostering a culture of compliance.

Key Responsibilities:

• Compliance Management:
• Monitor and assess the organization’s compliance with regulations and standards (e.g., GDPR, CCPA, SOC 2, NIST, US Section 508, PCI DSS).
• Ensure security controls align with regulatory and organizational requirements.
• Stay updated on emerging cybersecurity and privacy laws and advise the organization on necessary adjustments.
• Policy Development & Maintenance:
• Develop, review, and update cybersecurity policies, procedures, and guidelines to ensure compliance.
• Collaborate with cross-functional teams to implement policies effectively.
• Audits & Assessments:
• Conduct internal and external cybersecurity audits to ensure compliance with applicable standards.
• Perform third party risk assessments.
• Prepare documentation and evidence for regulatory audits and assessments.
• Address audit findings and provide recommendations for corrective actions.
• Risk Assessment & Mitigation:
• Perform regular cybersecurity risk assessments and provide recommendations to address vulnerabilities.
• Collaborate with IT and security teams to implement mitigation strategies and maintain secure systems.
• Training & Awareness:
• Develop and deliver cybersecurity compliance training to employees.
• Promote a culture of security and compliance through ongoing awareness initiatives.
• Incident Management:
• Monitor, document, and respond to security incidents to ensure proper handling and compliance.
• Ensure incident response procedures align with regulatory requirements and best practices.
• Reporting & Documentation:
• Maintain comprehensive records of compliance activities, assessments, and incident responses.
• Maintain required documentation for government contracts (e.g., SSPP)
• Generate reports for management and regulatory bodies detailing compliance status and improvements.

Must-haves

• Bachelor’s degree in Cybersecurity, Information Technology, Business Administration, or related field. Equivalent work experience will also be considered.
• 2–4 years of experience in cybersecurity compliance, information security, or a related field.
• Experience with cybersecurity frameworks and standards (e.g., NIST CSF, SOC2, PCI DSS).
• Strong understanding of cybersecurity principles, tools, and best practices.
• Familiarity with regulatory requirements such as SOC 2, GDPR, FISMA, and PCI DSS.
• Ability to perform gap analyses and develop remediation plans.
• Proficiency in compliance management tools and reporting software.

Plusses

• Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent certifications.