Information Security – Risk & Compliance Analyst
Victaulic · Northampton County, PA · 1 wk ago
Information TechnologyFull-time
Responsibilities
- Risk Assessment & Management
- Conduct information security risk assessments across business units, systems, and processes in accordance with established methodologies.
- Document risk findings, assign risk ratings, and track remediation activities through the risk register.
- Support the development and maintenance of risk treatment plans in coordination with system owners and IT teams.
- Participate in annual and ad hoc enterprise risk reviews, contributing analysis and supporting materials.
- Compliance & Framework Management
- Support compliance activities related to NIST Cybersecurity Framework (CSF), ISO/IEC 27001, CMMC (Cybersecurity Maturity Model Certification), and the EU NIS2 Directive.
- Conduct gap analyses against applicable frameworks and assist in developing remediation roadmaps.
- Maintain compliance documentation, including policies, procedures, control evidence, and assessment reports.
- Monitor regulatory changes and emerging framework updates; summarize implications for the security program.
- Third-Party & Audit Management
- Cook up and support third-party security audits and assessments, including scheduling, evidence collection, and stakeholder communication.
- Aid in managing vendor risk assessments for new and existing third-party vendors and suppliers.
- Track audit findings and corrective action plans, ensuring timely remediation and closure.
- Serve as a liaison between internal teams and external auditors during certification audits.
- Policy, Documentation & Awareness
- Aid in drafting, reviewing, and updating information security policies, standards, and procedures.
- Support the delivery of security awareness training and phishing simulation programs.
- Maintain organized records of all compliance and risk management activities in the Governance, Risk & Compliance platform.
- Collaboration & Reporting
- Collaborate with IT, Legal, Operations, and other business functions to integrate security requirements into business processes.
- Prepare regular status reports and metrics dashboards for management review.
- Contribute to the continuous improvement of the information security program by identifying process gaps and recommending enhancements.
- Foundational understanding of information security principles, including confidentiality, integrity, and availability (CIA).
- Basic understanding of risk assessment methodologies and risk management concepts.
- Familiarity with third-party risk management and audit processes.
- Strong analytical and problem-solving skills with attention to detail.
- Capacity to understand legacy and progressive technology and security controls along with respective risk.
- Working knowledge of technologies such as cloud computing, DevOps, and application security is required.
- Analytical Thinking – applies structured reasoning to evaluate risk and compliance data objectively.
- Integrity & Accountability – Handles sensitive security information with discretion and professionalism.
- Communication – Clearly translates security requirements and findings for varied audiences across the organization.
- Continuous Learning – Proactively keeps pace with evolving security frameworks, threats, and regulatory requirements.
- Collaboration – Builds effective working relationships across IT, operations, and business functions globally.
- Detail Orientation – Produces thorough, accurate documentation and maintains meticulous records of compliance activities.
- 0 – 2 years’ experience in information security, IT audit, risk management, or a related field.
- Bachelor’s degree, cybersecurity certification, or equivalent experience in an information security or related field.
- A minimum of an entry-level certification such as the CompTIA Security+ certification.
- A minimum of one additional risk & compliance certification such as CISA, a plus.