Security Analyst - Hybrid

Overview

Hybrid
Depends on Experience
Contract - W2
Contract - 11 Month(s)

Job Details

Title: Security Analyst - Hybrid


Mandatory skills:


cybersecurity compliance, audit coordination, risk management,
IT security review processes, IT security exception workflows, developing security policies, developing security procedures,
IT security tools, Splunk, IronPort, Tenable, Cloudflare,
risk assessments, compliance activities, automating reports, AI-related risks,
IT Security Incident Response planning, preparation, PCI client standards, SAQ preparation,
NIST-based frameworks, government security standards, data governance, privacy protection practices,
audit responses, IT audits, audit reports outlining findings, audit findings,
security controls, cybersecurity education, compliance initiatives, ensuring awareness, cybersecurity awareness programs, emerging threat, security conscious culture, Regularly champion, provide guidance, promote awareness,
security monitoring, risk levels, network activity, email threat detection, spam, malware, phishing, security reports,
IT incident response plans, procedures, incident response activities, investigation, documentation, notification, status updates, ongoing security incidents, post mortem documentation, resolved incidents, tracking patterns, informing IT, avoid subsequent incidents,
data protection regulations, industry standards, regulatory requirement, Conduct regular scans, coordinate risk assessments, identify potential security threats, vulnerabilities, cloud-hosted solutions, AI use cases, emerging technology integrations,
risk mitigation strategies, protect sensitive data, privacy and security requirements, application security governance, lifecycle management, secure design guidance, vendor compliance reviews,
cybersecurity compliance, audit readiness, risk oversight, industry recognized frameworks, IT security policy, procedure development, oversee audit responses, coordinates IT solution security review intake processes,
IT security exception requests, IT vulnerability management program, initiates review workflows, maintains systems documentation, risk registers, security review assessments

Description:


The IT Security, Compliance, & Risk Coordinator serves as the lead facilitator for client cybersecurity compliance, audit readiness, and risk oversight, ensuring alignment with client IT policies and standards, PCI client, and industry-recognized frameworks. This role helps guide client IT security policy and procedure development, oversees audit responses, coordinates IT solution security review intake processes, manages the client IT vulnerability management program, triages IT security exception requests and initiates review workflows, and maintains systems documentation such as risk registers and security review assessments.

Responsibilities:

IT Compliance & Risk Assessment Management:
Develop, implement, maintain, and monitor adherence to IT security or compliance policies and procedures, including data protection regulations or internal security policies, ensuring alignment with industry standards and regulatory requirements.
Conduct regular scans and coordinate risk assessments to identify potential security threats and vulnerabilities within IT systems, including those related to use of cloud-hosted solutions, AI use cases, and emerging technology integrations.
Develop and implement risk mitigation strategies while collaborating with partner client or managed service providers and internal technical teams to identify and address vulnerabilities and security and compliance gaps.
Maintain a risk register and ensure that all identified risks are documented, assessed, and addressed promptly.
Oversee data governance activities to protect sensitive data and ensure compliance with privacy and security requirements.
Support application security governance, including lifecycle management, secure design guidance, and vendor compliance reviews.
Coordinate with legal and regulatory bodies to stay updated on compliance requirements and ensure organizational alignment.

IT Incident Response Planning and Execution:
Assist in the development and maintenance of IT incident response plans and procedures. Test and evaluate existing IT incident response plans for effectiveness.
Educate IT staff, and non-IT staff as appropriate, on IT incident response procedures, providing clear, actionable steps to assist staff in a timely resolution.
Participate in incident response activities, including investigation, documentation, and notification or status updates of ongoing security incidents.
Create and maintain post-mortem documentation or tracking of resolved incidents, tracking patterns, and informing IT or client leadership on incident impact, root cause, and steps taken to avoid subsequent incidents.

IT Risk Reporting:
Analyze incident trends to recommend improvements to security controls and processes.
Utilize enterprise and client resources for security monitoring and reporting of risk levels, network activity, and email threat detection (e.g., spam, malware, phishing).
Produce executive-level risk and security reports for IT leadership and other key stakeholders.

Cybersecurity Awareness and Training:
Lead client-wide cybersecurity education and compliance initiatives, ensuring awareness of and adherence to PCI client, NIST-based, and client-level standards.
Develop and deliver cybersecurity awareness programs to educate employees about security best practices and emerging threats.
Regularly create engaging training materials and conduct workshops to promote a security-conscious culture.
Regularly champion, provide guidance, and promote awareness on cybersecurity, data governance, and responsible technology use across the organization.

Audit Functions:
Coordinate and prepare audit responses for oversight bodies including but not limited to the client or Legislative Audit Bureau (LAB).
Plan and execute IT audits to evaluate the effectiveness of security controls and compliance with policies.
Prepare detailed audit reports outlining findings, recommendations, and corrective actions.
Follow up on audit findings to ensure that corrective actions have been implemented effectively.

Minimum Qualifications:
5+ years of experience in cybersecurity compliance, audit coordination, or related risk management roles.
Experience managing IT security review processes, IT security exception workflows, and developing security policies or procedures.
Experience creating and automating reports from industry standard IT security tools (e.g., Splunk, IronPort, Tenable, Cloudflare).
Proven ability to coordinate complex risk assessments and compliance activities.
Strong knowledge of IT Security Incident Response planning and preparation.
Strong knowledge of PCI client standards and SAQ preparation.
Strong knowledge of NIST-based frameworks and government security standards.
Strong knowledge of both direct and indirect AI-related risks (i.e., AI as a default).
Strong understanding of data governance and privacy protection practices.
Experience collaborating with cross-functional IT teams and program area staff, external auditors, and regulatory agencies.
Excellent communication and analytical skills, with the ability to translate complex IT security-related topics for diverse, often non-technical audiences.
Demonstrated ability to develop and deliver effective training programs.

Desired Qualifications:
Prior experience in public-sector compliance or multi-client, single-tenant environments.
Industry certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), or Security+ (preferred but not required).

VIVA USA is an equal opportunity employer and is committed to maintaining a professional working environment that is free from discrimination and unlawful harassment. The Management, contractors, and staff of VIVA USA shall respect others without regard to race, sex, religion, age, color, creed, national or ethnic origin, physical, mental or sensory disability, marital status, sexual orientation, or status as a Vietnam-era, recently separated veteran, Active war time or campaign badge veteran, Armed forces service medal veteran, or disabled veteran. Please contact us at for any complaints, comments and suggestions.


Contact Details:

VIVA USA INC.
3601 Algonquin Road, Suite 425
Rolling Meadows, IL 60008
