Information Security Analyst

Client: Top Eyewear Manufacturer

Job Title: Information Security Analyst

Start Date: 5/26/25

Duration: 6 months

Work Hours: 8-5pm (40 hours per week)

Location: Mason, OH (Hybrid - 2x week Tu/Th)

HOURLY RATE: $35-37/hour

***(Background check, 5 panel Drug screening and OIG/GSA Screenings required)***

Job Description:

• The Information Security Analyst will serve a critical role in supporting Vision Care information security and compliance requirements and initiatives.
• This role is focused on providing oversight, driving, facilitating and coordinating the management of vulnerabilities across the enterprise, rather than performing hands-on technical remediation.
• The analyst will work closely with internal teams and stakeholders to ensure timely remediation efforts, providing visibility into risk status through tracking and reporting.
• The analyst will also be responsible for compiling and delivering progress updates and reports to leadership and responding to client inquiries related to the organization s vulnerability management and remediation efforts.
• Overall, the analyst will contribute to the organization s compliance with audits, attestations, and regulatory obligations such as HIPAA, HITRUST,

Responsibilities:

• Monitor and analyze vulnerability assessment data to identify and communicate technical risks to the organization
• Support the identification and impact classification for new vulnerabilities identified in the environment
• Execute and support vulnerability assessments, penetration testing and social engineering activities
• Provide the Information Security and IT Security team information on the emerging cyber threat landscape, including threat actor tactics, techniques, and procedures
• Facilitate vulnerability management processes by tracking and coordinating remediation efforts across multiple teams
• Ensure timely closure of security gaps by working with application, infrastructure, and operations teams
• Support IS in achieving the vision and strategic objectives of the vulnerability program
• Provide regular updates and risk summaries to leadership regarding the status of remediation efforts
• Support leadership to identify capability gaps in vulnerability management services
• Support responses to client and third-party security inquiries, questionnaires, and audit requests related to vulnerability management
• Manage and utilize IS tools such as DLP, Code scanner, external security profile, internal and external scanning tools and scoring platforms etc. to analyze gaps in security controls
• Participate in the IT SDLC program to ensure that security is included in project by default and by design
• Develop strong working relationships across business, technology units and potentially clients to ensure a high degree of alignment and accountability in remediation, security compliance and client satisfaction.
• Collaborate with cross-functional teams to improve security posture and embed security into existing IT and operational workflows
• Assist with regulatory and compliance requirements, contributing to security audits, attestations, and certifications
• Brief IS leadership on vulnerability assessment results and potential risks
• Conduct analysis, aggregate and report on vulnerability data from various scanning tools and platforms
• Continue self-development of knowledge, skills and abilities to better support execution of the Information Security (IS) function

Basic Qualifications:

• Bachelor s degree in computer science, IT or equivalent
• 3 years of experience in IT Risk or IS or Compliance
• Experience with major standards such as: SOC 1-2, ISO 27001/2, PCI DSS, HITRUST, SANS, NIST
• Demonstrated experience in implementing compliance frameworks for financial services organizations with similar information security needs and requirements
• Familiarity and understanding of a broad range of IT hardware and software products
• Strong project and time management abilities
• Excellent presentation, verbal communication, and written skills
• Excellent analytical, problem-solving and organizational skills
• Experience managing typical enterprise security and intrusion detection systems, especially in a regulated environment
• Ability to work in a collaborative environment across business and technology teams
• Experience in producing clear and actionable reports for technical and non-technical stakeholders

Preferred Qualifications:

• Certified Information Systems Security Profession (CISSP), PCI DSS, Certified HIPAA Privacy Security Expert (CHPSE), Certified Information Security manager (CISM), Global Information Assurance Certification (GIAC), or related.
• Experience or knowledge with healthcare, health insurance, managed care, or regulated industries
• Knowledge of CMS and HIPAA related vendor standards and requirements
• Working knowledge of Security SDLC tools
• Familiarity or experience with the following tools: o Security Scorecard, BitSight, SSL Labs o Nessus Pro, Qualys o Splunk, JIRA o HCL AppScan, or similar code scanning and vulnerability tools