IT Security and Compliance Analyst
Indexed description
Working closely with Infrastructure & Operations, Applications, and business stakeholders, the Analyst helps reduce enterprise risk, strengthen regulatory compliance, and ensure security controls are effective, repeatable, and defensible.
PRINCIPAL RESPONSIBILITIES:
Security Operations & Incident Response
- Monitor, analyze, and investigate security events using SIEM, EDR, email, cloud, and endpoint security tools.
- Coordinate incident response activities including containment, eradication, recovery, and post‑incident reviews.
- Maintain and improve incident response playbooks and track response metrics and corrective actions.
- Coordinate vulnerability scanning and validation across infrastructure, endpoint, cloud, and application environments.
- Prioritize vulnerabilities based on severity, asset criticality, and exploitability.
- Track remediation SLAs, exceptions, and risk acceptances; report status and trends to stakeholders.
- Support on‑premises and cloud identity platforms and secure authentication controls.
- Assist with joiner/mover/leaver processes, access reviews, and privileged access governance.
- Support enforcement of MFA, conditional access, and least‑privilege principles.
- Support internal and external audits including SOX ITGC, ISO 27001, NIST CSF, NIST 800-171, and contractual requirements.
- Maintain audit evidence, control documentation, and test artifacts.
- Support proactive control monitoring to reduce repeat audit findings.
- Assist with regulatory readiness including aviation‑specific security requirements (e.g., EASA Part‑IS).
- Support supplier security due diligence including questionnaires and review of SOC and ISO artifacts.
- Track vendor remediation actions and reassessment schedules for higher‑risk suppliers.
- Partner with Procurement and Legal to support security obligations in vendor contracts.
- Support IT emergency response, disaster recovery, and business continuity planning and exercises.
- Assist with security awareness initiatives and targeted training programs.
Qualifications:
- Bachelor’s degree in Computer Science, Information Technology, or equivalent professional experience.
- Security or audit‑related certifications preferred (CISSP, CISM, CISA, Security+, SSCP).
- 3+ years of experience in cybersecurity operations, compliance, vulnerability management, or audit support.
- Practical experience supporting incident response, vulnerability remediation, and audit evidence production.
- Experience working with third‑party service providers and regulated environments is desirable.
- Strong understanding of information security controls and operational risk management.
- Ability to translate security findings into clear remediation actions.
- Strong documentation, analytical, and stakeholder communication skills.
- Comfortable operating in regulated, mission‑critical operational environments.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search