Information Security Analyst (GRC / Risk & Vulnerability Management)
Position Summary We are seeking an experienced Information Security Analyst to support cybersecurity risk management, vulnerability management, and Governance, Risk, and Compliance (GRC) initiatives. This role requires a hands-on security professional who can assess risk, analyze vulnerabilities, drive remediation efforts, and collaborate with technical and business stakeholders to improve the organization's security posture.
Key Responsibilities
- Perform cybersecurity risk assessments and support ongoing risk management activities.
- Analyze and prioritize security vulnerabilities based on business impact and risk exposure.
- Partner with engineering and security teams to drive remediation efforts.
- Conduct security reviews and provide risk-based recommendations.
- Support governance, risk, and compliance initiatives across the organization.
- Monitor vulnerability trends, remediation progress, and security metrics.
- Contribute to process improvements, automation initiatives, and security workflow optimization.
- Communicate technical risks effectively to both technical and non-technical stakeholders.
Required Qualifications
- 5+ years of Information Security or Cybersecurity experience.
- Strong experience in Governance, Risk & Compliance (GRC).
- Hands-on experience with Risk Assessment and Risk Management.
- Experience managing and analyzing security vulnerabilities.
- Ability to articulate risk scenarios and business impact.
- Strong understanding of security frameworks, controls, and methodologies.
- Excellent communication and stakeholder management skills.
- Experience working in a hands-on security analysis role.
Preferred Qualifications
- AWS or cloud security experience.
- Python scripting and security automation.
- Experience with AI-driven workflow automation.
- Application Security experience.
- CI/CD Pipeline Security.
- Infrastructure as Code (IaC) security.
- CISSP or similar security certifications.
Ideal Candidate
- Strategic thinker with strong technical depth.
- Comfortable performing hands-on analysis and investigation.
- Able to work independently with minimal supervision.
- Experienced in driving remediation and influencing risk-based decisions across stakeholders.