Information Security Analyst

Location: Scottsdale, AZ
Salary: $115,000.00 USD Annually - $155,000.00 USD Annually
Description:
We're building something brand new - a secure, scalable business division serving multiple customers under a single AWS tenant. While our engineers design the technical controls, we need someone to ensure that our policies, standards, and procedures (PSPs) align with industry best practices, compliance frameworks, and our unique operating environment.

As our Information Security Analyst (GRC Focus), you'll be the architect of our governance layer. You'll transform security requirements into actionable, auditable PSPs that set the foundation for how we operate. This role isn't just about documentation - it's about creating clarity, driving consistency, and ensuring our security program is always audit-ready.
Candidates MUST be able to commit to a Hybrid or Onsite Schedule in Scottsdale, AZ

This job will have the following responsibilities:

• Policy Development & Documentation
• Draft, update, and maintain Information Security policies, standards, and procedures tailored to our AWS multi-tenant environment.
• Ensure alignment with compliance frameworks (SOC 2, PCI, HIPAA, ISO 27001).
• Partner with engineers and business stakeholders to ensure policies reflect practical, real-world workflows.
• Risk & Compliance Oversight
• Identify, document, and track security risks across our environment.
• Support risk assessments and provide recommendations for risk treatment plans.
• Assist in readiness for external audits by ensuring documentation and evidence are organized and up-to-date.
• Collaboration & Communication
• Work directly with leadership, engineers, and vendors to ensure policies are clear, actionable, and understood.
• Translate technical requirements into plain-language standards that can be followed by non-technical teams.
• Support training and awareness initiatives to drive adoption of policies.
• Continuous Governance
• Establish document versioning and review cycles to keep policies evergreen.
• Recommend improvements based on lessons learned, new regulations, and evolving business needs.
• Track key governance metrics and report progress to leadership.

On a typical day, you might:

1. Write or revise a standard on IAM role reviews to align with least privilege practices.
2. Meet with the cloud engineering team to document the procedural steps for AWS GuardDuty alert response.
3. Draft a risk statement for leadership related to a newly identified compliance gap.
4. Prepare evidence documentation for an upcoming SOC2 audit.
5. Deliver a quick briefing to executives on how a policy change affects daily operations.

Qualifications & Requirements:

• We're looking for someone who can think like both a policymaker and a partner. You'll combine your understanding of compliance frameworks with the ability to translate technical practices into clear documentation.
• Certifications such CISA, CISM, CISSP, or AWS Certified Security - Specialty.
• Experience supporting external audits (SOC 2, PCI, HIPAA).
• Familiarity with AWS security services (IAM, GuardDuty, Config, Security Hub).
• Ability to communicate complex security concepts to both technical and business audiences.
• Strong knowledge of compliance frameworks (SOC 2, PCI, DSS, HIPAA, ISO 27001, or similar).
• Demonstrated experience drafting and maintaining security policies, standards, and procedures.
• 5-7 years of experience in IT or IS Governance, Risk, and Compliance.
• Bachelor's degree in Computer Science, Management Information Systems or equivalent experience

Skills that Make You Stand Out:

• Strong writing and documentation skills with attention to detail.
• Ability to "connect the dots" between compliance requirements and technical controls.
• Proven success in building relationships across technical and business teams.
• Natural curiosity and drive to improve processes and reduce risk.

By providing your phone number, you consent to: (1) receive automated text messages and calls from the Judge Group, Inc. and its affiliates (collectively "Judge") to such phone number regarding job opportunities, your job application, and for other related purposes. Message & data rates apply and message frequency may vary. Consistent with Judge's Privacy Policy, information obtained from your consent will not be shared with third parties for marketing/promotional purposes. Reply STOP to opt out of receiving telephone calls and text messages from Judge and HELP for help.

Contact:

This job and many more are available through The Judge Group. Please apply with us today!