Overview
Skills
Job Details
Title: Security Analyst - Hybrid
Mandatory skills:
cybersecurity, network operations, audit, compliance coordination, IT risk management,
running search queries, generating, automating reports, industry standard IT security tools, Splunk, IronPort, Tenable, Cloudflare,
IT security review processes, security exception workflows, vulnerability management processes, developing security policies, developing security procedures,
risk assessments, compliance activities,
AI tools, emerging technologies, AWS, Microsoft 365 Entra ID security controls, IAM, logging, monitoring, encryption, MFA, Conditional Access,
IT Security Incident Response planning, preparation, managed service providers, MSP, third-party vendors,
common security frameworks, compliance standards, NIST, PCI DSS, CIS, ISO 27001, privacy protection practices,
public-sector compliance, multi-agency single tenant environments, PCI DSS SAQ preparation, attestation, penetration testing,
IT security compliance, technology intake processes, IT audit readiness, SaaS, PaaS, IaaS, Artificial Intelligence, AI technology, AI use cases, data governance, privacy protections, application security governance,
log analysis, SIEM tools, IT vulnerability scans, IT security, risk, compliance related reports, vulnerability management program, firewall, security exception requests,
facilitates incident response planning, PCI DSS attestation, SAQ A, SAQ B-IP, business use cases, data classification, required security controls, software services, cloud services,
license agreements, privacy policies, security artifacts, SOC 2, FedRAMP, StateRAMP, vulnerability scan interpretation, dashboards, remediation tracking,
enterprise tools, agency tools, SIEM, email security, vulnerability scanners, security posture, risk trends, security value, threat insights, anomaly insights, business intelligence, usage trends, adoption trends,
AI applications, AI business use cases, AI features, cybersecurity awareness programs,
test incident response plans, playbooks, investigations, documentation, notifications updates, status updates, post-incident reviews, track root cause, preventive actions
Description:
The client is looking for a Security Analyst II.
The IT Security & Compliance Coordinator oversees and facilitates client IT security compliance, technology intake processes, IT audit readiness, and overall IT risk management. Regularly performing complex risk assessments related to cloud-hosted solutions (e.g., SaaS, PaaS, IaaS), Artificial Intelligence (AI) technology and AI use cases, client data governance and privacy protections, and application security governance; the IT Security & Compliance Coordinator acts as a key liaison to external partners and collaborates closely with internal IT teams, division leadership, program staff, regulatory bodies, and vendors to strengthen the client s security and compliance posture.
Additionally, this role is responsible for performing log analysis using SIEM tools and interpreting IT vulnerability scans while producing executive-level IT security, risk, and compliance related reports. It coordinates the client vulnerability management program, firewall and security exception requests with WHS s managed service provider, supports and facilitates incident response planning, and leads cybersecurity awareness training in coordination with the client leadership. The IT Security & Compliance Coordinator also performs PCI DSS attestation (i.e., SAQ A & SAQ B-IP) for all WHS merchant locations.
Responsibilities:
Technology Intake & Vendor Security Review:
Capture business use cases, data classification, and required security controls for software and cloud services.
Collect and review vendor T&Cs, license agreements, privacy policies, and security artifacts (e.g., SOC 2, FedRAMP/StateRAMP).
Initiate, monitor, and shepherd intake workflows with service providers, coordinating to closure and ensuring alignment with the client compliance requirements.
Monitoring, Reporting, and Vulnerability Coordination:
Use client tools (e.g., SIEM, email security, vulnerability scanners) to review security posture and risk trends.
Build recurring and ad-hoc reports that provide security value (threat/anomaly insights) and business intelligence (usage/adoption trends).
Translate technical findings into clear summaries for diverse audiences, including executive leadership.
Coordinate vulnerability scan interpretation, dashboards, and remediation tracking; escalate and track actions with system owners and service providers until resolved.
AI & Emerging Technology Governance:
Maintain inventories of AI applications, direct and indirect risks, and approved use cases.
Coordinate intake and review of AI business use cases; prepare forms and guide staff through enterprise and client requirements.
Evaluate vendor AI features and emerging technologies for security, privacy, and ethical risks (e.g., bias, data exposure), ensuring compliance with the client policies.
Draft/refine policies that balance innovation with secure adoption of AI and other emerging tech.
IT Compliance, Audit Response, & Risk Management:
Develop, maintain, and monitor adherence to IT security/compliance policies aligned to NIST, PCI DSS, CIS, ISO 27001, and client standards.
Identify and track risks; collaborate with service providers and internal technical teams on mitigation strategies and exception handling.
Oversee data governance activities and support application security governance (secure design guidance, vendor compliance reviews).
Prepare audit responses and evidence for oversight/regulatory bodies; lead PCI DSS SAQ processes for all merchant locations.
Support vendor contract reviews by identifying and recommending security and privacy requirements to be included in agreements
Incident Response Planning and Execution:
Maintain and test incident response plans/playbooks; educate staff on roles and procedures.
Participate in investigations, documentation, notifications/status updates, and post-incident reviews; track root cause and preventive actions.
Cybersecurity Awareness and Training:
Lead agency-wide cybersecurity education and compliance initiatives, ensuring awareness and adherence to PCI DSS, NIST-based, and state-level standards.
Develop and deliver cybersecurity awareness programs to educate employees about security best practices and emerging threats.
Regularly create engaging training materials and conduct workshops to promote a security-conscious culture.
Regularly champion, provide guidance, and promote awareness on cybersecurity, data governance, and responsible technology use across the organization.
Minimum Qualifications:
5+ years of experience in cybersecurity or network operations, audit and compliance coordination, or related IT risk management.
Experience running search queries, generating, and automating reports from industry standard IT security tools (e.g., Splunk, IronPort, Tenable, Cloudflare).
Experience managing IT security review processes, security exception workflows, vulnerability management processes, and developing security policies or procedures.
Proven ability to coordinate complex risk assessments and compliance activities
Experience evaluating AI tools or emerging technologies for compliance, security, or ethical risks with a strong knowledge of direct and indirect AI-related risks
Working knowledge of AWS and Microsoft 365 Entra ID security controls (e.g., IAM, logging/monitoring, encryption, MFA/Conditional Access), with the ability to interpret read-only outputs and coordinate remediation with service providers.
Strong knowledge of IT Security Incident Response planning and preparation, including experience coordinating with managed service providers (MSP) or third-party vendors
Strong understanding of common security frameworks or compliance standards (e.g., NIST, PCI DSS, CIS, ISO 27001), and privacy protection practices.
Experience collaborating with cross-functional IT teams and program area staff, external auditors, and regulatory agencies.
Excellent communication and analytical skills, with ability to translate complex IT security related topics for diverse often non-technical audiences.
Desired Qualifications:
Prior experience in public-sector compliance or multi-agency single tenant environments.
Prior experience with PCI DSS SAQ preparation and attestation.
Prior experience coordinating vendor-performed internal penetration testing
VIVA USA is an equal opportunity employer and is committed to maintaining a professional working environment that is free from discrimination and unlawful harassment. The Management, contractors, and staff of VIVA USA shall respect others without regard to race, sex, religion, age, color, creed, national or ethnic origin, physical, mental or sensory disability, marital status, sexual orientation, or status as a Vietnam-era, recently separated veteran, Active war time or campaign badge veteran, Armed forces service medal veteran, or disabled veteran. Please contact us at for any complaints, comments and suggestions.
Contact Details :
VIVA USA INC.
3601 Algonquin Road, Suite 425
Rolling Meadows, IL 60008