Information Security Analyst

Overview

Hybrid
$60
Contract - Independent
Contract - W2

Job Details

Title: Information Security Analyst

Role Overview: The Information Security Analyst is a hands-on role within the Information Security function, partnering closely with IT and business stakeholders to ensure consistent, measurable delivery of security services. This position focuses on third-party risk management, security assessments, and the integration of security controls across enterprise and cloud-based systems.

The ideal candidate has a strong foundation in cybersecurity risk management, vendor security assessments, and core security concepts, and thrives in a fast-paced, highly collaborative environment with modern and emerging technologies.

Key Responsibilities

  • Support a Technology Vendor Management and Third-Party Risk Management program, including vendor risk reviews, renewals, and ongoing monitoring

  • Conduct vendor, product, and application security assessments, partnering with system owners to integrate security early in the project lifecycle

  • Participate in risk reviews and assessments aligned to security and IT control frameworks (NIST CSF, CIS, ISO 27001, ITIL)

  • Coordinate the implementation of core security integrations such as SSO, event logging, alerting, secrets management, and backup/recovery across internal and SaaS applications

  • Partner with business teams to review workflows and recommend security process improvements

  • Support the development and execution of data protection and risk mitigation initiatives

  • Produce clear, written security assessments documenting vendor and application security posture

  • Develop and deliver security metrics, dashboards, and reporting to measure control effectiveness

Required Qualifications

  • 2–3+ years of experience in Information Technology

  • Minimum of 2 years of experience in cybersecurity risk management

  • Experience conducting vendor due diligence and third-party security assessments

  • Familiarity with security frameworks and standards such as NIST, ISO 27001, SOC, PCI-DSS, FedRAMP

  • Experience coordinating technical security integrations across systems and applications

  • Strong understanding of operating systems, servers, cloud applications, and infrastructure fundamentals

  • Ability to analyze complex system architectures and identify security integration opportunities

  • Bachelor’s or Master’s degree in a relevant field

Preferred Qualifications

  • Experience with Third-Party Risk Management or GRC platforms (e.g., OneTrust, SIG, or similar tools)

  • Familiarity with identity and access management concepts including SSO, SAML, Active Directory, Azure AD, and cloud IAM

  • Experience with security logging and event management tools (e.g., SIEM platforms)

  • Hands-on exposure to AWS and/or Azure cloud environments

  • Experience producing operational security metrics and dashboards

Tools & Skills

  • Strong cybersecurity fundamentals with a focus on risk, controls, and integrations

  • Experience using productivity and project tracking tools (Microsoft Office, JIRA or similar)

  • Strong written and verbal communication skills

Work Environment

Collaborative, service-oriented environment where teams support one another while maintaining ownership of individual responsibilities.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

About Vaco by Highspring