Jobs · Information Technology · Pennsylvania

Information Security – Risk & Compliance Analyst

Victaulic · Northampton County, PA · 1 wk ago
Information TechnologyFull-time

Responsibilities

  • Risk Assessment & Management
    • Conduct information security risk assessments across business units, systems, and processes in accordance with established methodologies.
    • Document risk findings, assign risk ratings, and track remediation activities through the risk register.
    • Support the development and maintenance of risk treatment plans in coordination with system owners and IT teams.
    • Participate in annual and ad hoc enterprise risk reviews, contributing analysis and supporting materials.
  • Compliance & Framework Management
    • Support compliance activities related to NIST Cybersecurity Framework (CSF), ISO/IEC 27001, CMMC (Cybersecurity Maturity Model Certification), and the EU NIS2 Directive.
    • Conduct gap analyses against applicable frameworks and assist in developing remediation roadmaps.
    • Maintain compliance documentation, including policies, procedures, control evidence, and assessment reports.
    • Monitor regulatory changes and emerging framework updates; summarize implications for the security program.
  • Third-Party & Audit Management
    • Cook up and support third-party security audits and assessments, including scheduling, evidence collection, and stakeholder communication.
    • Aid in managing vendor risk assessments for new and existing third-party vendors and suppliers.
    • Track audit findings and corrective action plans, ensuring timely remediation and closure.
    • Serve as a liaison between internal teams and external auditors during certification audits.
  • Policy, Documentation & Awareness
    • Aid in drafting, reviewing, and updating information security policies, standards, and procedures.
    • Support the delivery of security awareness training and phishing simulation programs.
    • Maintain organized records of all compliance and risk management activities in the Governance, Risk & Compliance platform.
  • Collaboration & Reporting
    • Collaborate with IT, Legal, Operations, and other business functions to integrate security requirements into business processes.
    • Prepare regular status reports and metrics dashboards for management review.
    • Contribute to the continuous improvement of the information security program by identifying process gaps and recommending enhancements.

    Qualifications

    • Foundational understanding of information security principles, including confidentiality, integrity, and availability (CIA).
    • Basic understanding of risk assessment methodologies and risk management concepts.
    • Familiarity with third-party risk management and audit processes.
    • Strong analytical and problem-solving skills with attention to detail.
    • Capacity to understand legacy and progressive technology and security controls along with respective risk.
    • Working knowledge of technologies such as cloud computing, DevOps, and application security is required.
    • Analytical Thinking – applies structured reasoning to evaluate risk and compliance data objectively.
    • Integrity & Accountability – Handles sensitive security information with discretion and professionalism.
    • Communication – Clearly translates security requirements and findings for varied audiences across the organization.
    • Continuous Learning – Proactively keeps pace with evolving security frameworks, threats, and regulatory requirements.
    • Collaboration – Builds effective working relationships across IT, operations, and business functions globally.
    • Detail Orientation – Produces thorough, accurate documentation and maintains meticulous records of compliance activities.

    Education & Certifications

    • 0 – 2 years’ experience in information security, IT audit, risk management, or a related field.
    • Bachelor’s degree, cybersecurity certification, or equivalent experience in an information security or related field.
    • A minimum of an entry-level certification such as the CompTIA Security+ certification.
    • A minimum of one additional risk & compliance certification such as CISA, a plus.

Similar jobs

Information Security Risk Analyst

Midcontinent Independent System Operator (MISO)Greater Indianapolis· 4 days ago
Information Technology$105k–$130k/yrapply on careers.misoenergy.org