Information Security Analyst 2
About the role
The Information Security Analyst 2 supports enterprise cybersecurity, information protection, governance, risk management, compliance, and security automation initiatives. This role works closely with cybersecurity, risk, engineering, and business teams to enhance security posture, mitigate risk, and ensure adherence to enterprise information security policies and standards.
Responsibilities
- Support enterprise information security governance, risk, and compliance (GRC) activities.
- Assist with remediation and tracking of security assessment findings, audit observations, and control gaps.
- Participate in security control testing, risk assessments, and compliance reviews.
- Analyze information security metrics and develop reports that support risk management and decision making.
- Build and maintain dashboards, reports, and automation solutions that improve cybersecurity visibility.
- Query, analyze, and transform data from multiple sources to identify trends and support security initiatives.
- Collaborate with cybersecurity, engineering, audit, compliance, risk, and business teams to address security challenges.
- Maintain accurate, audit-ready documentation, evidence, and reporting artifacts.
- Track governance and remediation activities through workflow management tools.
- Support continuous process improvement efforts through automation and analytics.
- Communicate security risks, findings, and recommendations to both technical and non-technical stakeholders.
Requirements
- 2+ years of experience in Information Security, Cybersecurity, IT Risk, Compliance, Governance, or a related field.
- Experience supporting security assessments, compliance reviews, audits, risk management, or security remediation activities.
- Strong analytical and problem-solving skills.
- Experience working within large enterprise or highly regulated environments.
- Excellent written and verbal communication skills.
- Strong attention to detail with the ability to manage multiple priorities independently.
- Experience creating documentation, reports, and executive-level presentations.
Preferred Qualifications
- Experience in Information Security Governance, Cybersecurity Risk Management, Governance, Risk & Compliance (GRC), Information Protection, Data Security, Security Assessments, Control Testing, IT Audit, Regulatory Compliance, Data Privacy, Security Reporting and Analytics, or Security Automation.
- Knowledge of information protection and data security principles, encryption technologies and key management concepts, regulatory and audit requirements, security controls and risk frameworks, cybersecurity governance best practices, and enterprise technology environments.
- Bachelor's degree in Information Security, Cybersecurity, Information Systems, Computer Science, Business, or a related field preferred.
- Relevant certifications such as Security+, CISSP, CRISC, CISM, CISCO, Cloud Security Certifications (AWS, Azure, GCP).
Benefits
Everforth Apex offers a comprehensive benefits package including medical, dental, vision, life, disability, ESPP (employee stock purchase program), 401K, HSA (Health Savings Account on the HDHP plan), SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program, and other discounts. Professional development includes an on-demand training program, access to certification prep, a library of technical and leadership courses/books/seminars, and certification discounts and perks for associations like CompTIA and IIBA. For additional information, refer to the 'Welcome Packet' provided by Everforth Apex. For ADA accommodations, contact the Benefits Department at [email protected] or 804-523-8228.