IT Security and Compliance Analyst
Bristow Group · Houston, TX · 2 wk ago
LegalFull-time
Principal Responsibilities
- Monitor, analyze, and investigate security events using SIEM, EDR, email, cloud, and endpoint security tools.
- Coincide incident response activities including containment, eradication, recovery, and post-incident reviews.
- Maintain and improve incident response playbooks and track response metrics and corrective actions.
- Coordinate vulnerability scanning and validation across infrastructure, endpoint, cloud, and application environments.
- Prioritize vulnerabilities based on severity, asset criticality, and exploitability.
- Track remediation SLAs, exceptions, and risk acceptances; report status and trends to stakeholders.
- Support on-premises and cloud identity platforms and secure authentication controls.
- Aid with joiner/mover/leaver processes, access reviews, and privileged access governance.
- Affirm enforcement of MFA, conditional access, and least-privilege principles.
- Support internal and external audits including SOX ITGC, ISO 27001, NIST CSF, NIST 800-171, and contractual requirements.
- Maintain audit evidence, control documentation, and test artifacts.
- Support proactive control monitoring to reduce repeat audit findings.
- Aid with regulatory readiness including aviation-specific security requirements (e.g., EASA Part-IS).
- Support supplier security due diligence including questionnaires and review of SOC and ISO artifacts.
- Track vendor remediation actions and reassessment schedules for higher-risk suppliers.
- Partner with Procurement and Legal to support security obligations in vendor contracts.
- Sustain IT emergency response, disaster recovery, and business continuity planning and exercises.
- Assist with security awareness initiatives and targeted training programs.
Person Specification
- (Minimum education requirements, key skills and experience)
- Qualifications: Bachelor’s degree in Computer Science, Information Technology, or equivalent professional experience. Security or audit-related certifications preferred (CISSP, CISM, CISA, Security+, SSCP).
- Experience: 3+ years of experience in cybersecurity operations, compliance, vulnerability management, or audit support. Practical experience supporting incident response, vulnerability remediation, and audit evidence production. Experience working with third-party service providers and regulated environments is desirable.
- Skills: Strong understanding of information security controls and operational risk management. Ability to translate security findings into clear remediation actions. Strong documentation, analytical, and stakeholder communication skills. Comfortable operating in regulated, mission-critical operational environments.