Information Security Analyst (GRC / Risk & Vulnerability Management)

Position Summary We are seeking an experienced Information Security Analyst to support cybersecurity risk management, vulnerability management, and Governance, Risk, and Compliance (GRC) initiatives. This role requires a hands-on security professional who can assess risk, analyze vulnerabilities, drive remediation efforts, and collaborate with technical and business stakeholders to improve the organization's security posture.

Key Responsibilities

• Perform cybersecurity risk assessments and support ongoing risk management activities.
• Analyze and prioritize security vulnerabilities based on business impact and risk exposure.
• Partner with engineering and security teams to drive remediation efforts.
• Conduct security reviews and provide risk-based recommendations.
• Support governance, risk, and compliance initiatives across the organization.
• Monitor vulnerability trends, remediation progress, and security metrics.
• Contribute to process improvements, automation initiatives, and security workflow optimization.
• Communicate technical risks effectively to both technical and non-technical stakeholders.

Required Qualifications

• 5+ years of Information Security or Cybersecurity experience.
• Strong experience in Governance, Risk & Compliance (GRC).
• Hands-on experience with Risk Assessment and Risk Management.
• Experience managing and analyzing security vulnerabilities.
• Ability to articulate risk scenarios and business impact.
• Strong understanding of security frameworks, controls, and methodologies.
• Excellent communication and stakeholder management skills.
• Experience working in a hands-on security analysis role.

Preferred Qualifications

• AWS or cloud security experience.
• Python scripting and security automation.
• Experience with AI-driven workflow automation.
• Application Security experience.
• CI/CD Pipeline Security.
• Infrastructure as Code (IaC) security.
• CISSP or similar security certifications.

Ideal Candidate

• Strategic thinker with strong technical depth.
• Comfortable performing hands-on analysis and investigation.
• Able to work independently with minimal supervision.
• Experienced in driving remediation and influencing risk-based decisions across stakeholders.