As an Information Security Analyst, you will be part of a dynamic IT team dedicated to serving the Firm's nationwide platform. The responsibilities include implementing and maintaining security policies, procedures, and controls in line with industry best practices and regulatory requirements such as ISO 27001, SOC II, and HIPAA. The role involves conducting risk assessments, identifying security risks in business processes and technologies, and recommending appropriate mitigation strategies. Additional duties include assisting with audit preparation, evidence gathering, and compliance assessments for various regulatory frameworks like NIST 800-53, ISO 27001, SOC II, and HIPAA. Managing security tools such as firewalls, encryption, antivirus, and DLP is also a key responsibility, along with identifying and responding to security incidents and maintaining incident response documentation. Evaluating the security posture of third-party vendors and software, identifying potential risks, and ensuring compliance with contractual obligations are also critical. The position requires continuously assessing and recommending improvements to the firm's security controls, policies, and governance structure to meet evolving regulatory requirements and industry best practices. Participation in cross-functional security projects, providing GRC insights and support, is expected.
Additional responsibilities include supporting security awareness training programs and initiatives, driving the automation of security workflows and processes, and collaborating with the IT department on special projects, offering technical support for security-related issues when needed.
