remote
IT Security & Compliance Analyst - Mission Critical Group
Software Engineer
Analyze and enforce information security controls, ensure regulatory compliance, and manage risk across critical infrastructure environments using frameworks such as ISO 27001, NIST, and cloud security best practices.
About the role
Key Responsibilities
- Conduct risk assessments and gap analyses to identify security weaknesses in hardware, software, and processes.
- Develop, implement, and maintain compliance programs aligned with ISO 27001, NIST, and industry‑specific regulations.
- Perform vulnerability scanning, remediation tracking, and continuous monitoring of on‑premises and cloud environments.
- Lead security audits, prepare evidence packages, and coordinate with internal and external auditors.
- Respond to security incidents, perform root‑cause analysis, and drive corrective actions.
- Collaborate with engineering and operations teams to embed security controls into design and deployment pipelines.
Requirements
- 3+ years of experience in information security, risk management, or compliance roles.
- Hands‑on experience with ISO 27001, NIST CSF, or similar frameworks and ability to translate requirements into actionable controls.
- Proficiency in vulnerability management tools (e.g., Tenable, Qualys) and cloud security platforms (AWS, Azure, GCP).
- Strong analytical skills, attention to detail, and ability to communicate findings to technical and non‑technical stakeholders.
- Relevant certifications such as CISSP, CISM, or ISO 27001 Lead Implementer preferred.