Information Security Analyst evaluating cybersecurity and third-party risk for clients in regulated industries. Utilizing VRM and Cybersecurity Compliance platforms to ensure rigorous security standards.
Responsibilities
Identify and mitigate risks within third-party environments by meticulously reviewing security documentation and assessments.
Review vendor risk by evaluating security assessments and documentation; deliver actionable recommendations to strengthen client risk postures.
Conduct comprehensive vulnerability scans and penetration tests for Smarsh customers using industry-leading, off-the-shelf security tools.
Produce detailed technical reports that categorize vulnerabilities and provide actionable remediation strategies to help clients resolve security gaps.
Serve as a subject matter expert and primary point of contact, guiding clients through platform features and cybersecurity best practices via phone and email.
Manage regular client engagements, deliver high-quality due diligence reports, and contribute to the continuous improvement of Smarsh VRM team operations.
Requirements
3–5 years of professional experience specifically within Vendor Risk Management or Information Security.
Relevant industry certifications are highly desirable (e.g., CTPRP, CISA, CISM, CRISC).
Familiarity with tools such as Nessus, Metasploit, or Cobalt Strike.
Strong understanding of TCP/IP networking, server administration, and cybersecurity controls (processes, procedures, and policies).
Proficient in Salesforce CRM, Microsoft Office Suite, and MS Teams.
Ability to use AI tools to automate repetitive tasks, such as data mapping, report drafting, or initial vendor documentation reviews.
Utilize and recommend enhancements to Smarsh’s AI review tools to automate the extraction of critical data from vendor security documentation.
Proven ability to review complex security assessments for completeness and overall risk impact.
Exceptional written and verbal communication skills with a "customer-first" mindset.
Ability to manage multiple parallel workstreams and document processes accurately under tight deadlines.
A proactive, self-motivated professional capable of working independently for extended periods while maintaining high standards.
Information Security Analyst overseeing security tools and incident responses. Engaging in corporate security initiatives within a technological framework.
Cyber Security Analyst role supporting USAF Cloud One Architecture and common shared services contract. Involves compliance monitoring, incident response, and collaboration with cybersecurity teams.
Senior Cyber Security Analyst at GDIT identifying and mitigating cyber threats while ensuring compliance with NIST and ISO standards. Involves oversight of security controls and enterprise risk assessments.
Junior Information Security Analyst focusing on identity and access management at Evertec. Supporting operational activities and collaborating with IT and security teams in a hybrid setting.
Senior Cybersecurity Engineer at 3CON responsible for detection and response engineering in Brazilian pharmaceutical retail. Collaborating with teams and improving security controls continuously.
Lead Security Analyst managing operational guidance and analytical oversight for security across crisis regions. Collaborating for timely decision-making and information delivery to clients in the field.
Information Security Analyst at Minsait investigating and responding to security incidents. Involvement in vulnerability management and security best practices.
Senior Security Analyst providing advanced cybersecurity services in Stockholm and Malmö. Monitoring environments and handling incidents while collaborating with clients to ensure cybersecurity resilience.
Staff Cybersecurity Analyst focusing on cloud security for Southern Glazer’s. Leading security assessments, managing incidents, and collaborating with teams to enhance security posture.
Analyst supporting Nuclear Cyber Security program at Duke Energy. Addressing cyber security threats and managing compliance across multiple nuclear operations.