Information Security Analyst

Role Overview: The Information Security Analyst is a hands-on role within the Information Security function, partnering closely with IT and business stakeholders to ensure consistent, measurable delivery of security services. This position focuses on third-party risk management, security assessments, and the integration of security controls across enterprise and cloud-based systems.

The ideal candidate has a strong foundation in cybersecurity risk management, vendor security assessments, and core security concepts, and thrives in a fast-paced, highly collaborative environment with modern and emerging technologies., * Support a Technology Vendor Management and Third-Party Risk Management program, including vendor risk reviews, renewals, and ongoing monitoring

• Conduct vendor, product, and application security assessments, partnering with system owners to integrate security early in the project lifecycle
• Participate in risk reviews and assessments aligned to security and IT control frameworks (NIST CSF, CIS, ISO 27001, ITIL)
• Coordinate the implementation of core security integrations such as SSO, event logging, alerting, secrets management, and backup/recovery across internal and SaaS applications
• Partner with business teams to review workflows and recommend security process improvements
• Support the development and execution of data protection and risk mitigation initiatives
• Produce clear, written security assessments documenting vendor and application security posture
• Develop and deliver security metrics, dashboards, and reporting to measure control effectiveness, Vaco by Highspring and its parents, affiliates, and subsidiaries ("we," "our," or "Vaco by Highspring") respects your privacy and are committed to providing transparent notice of our policies.
• California residents may access Vaco by Highspring HR Notice at Collection for California Applicants and Employees here.
• Virginia residents may access our state specific policies here.
• Residents of all other states may access our policies here.
• Canadian residents may access our policies in English here and in French here.
• Residents of countries governed by GDPR may access our policies here.

• 2-3 years of experience in Information Technology
• Minimum of 2 years of experience in cybersecurity risk management
• Experience conducting vendor due diligence and third-party security assessments
• Familiarity with security frameworks and standards such as NIST, ISO 27001, SOC, PCI-DSS, FedRAMP
• Experience coordinating technical security integrations across systems and applications
• Strong understanding of operating systems, servers, cloud applications, and infrastructure fundamentals
• Ability to analyze complex system architectures and identify security integration opportunities
• Bachelor's or Master's degree in a relevant field, * Experience with Third-Party Risk Management or GRC platforms (e.g., OneTrust, SIG, or similar tools)
• Familiarity with identity and access management concepts including SSO, SAML, Active Directory, Azure AD, and cloud IAM
• Experience with security logging and event management tools (e.g., SIEM platforms)
• Hands-on exposure to AWS and/or Azure cloud environments
• Experience producing operational security metrics and dashboards

Tools & Skills

• Strong cybersecurity fundamentals with a focus on risk, controls, and integrations
• Experience using productivity and project tracking tools (Microsoft Office, JIRA or similar)
• Strong written and verbal communication skills

Work Environment

Collaborative, service-oriented environment where teams support one another while maintaining ownership of individual responsibilities.

Determining compensation for this role (and others) at Vaco by Highspring depends upon a wide array of factors including but not limited to:

• the individual's skill sets, experience and training;
• licensure and certification requirements;
• office location and other geographic considerations;
• other business and organizational needs.

With that said, as required by local law, Vaco by Highspring believes that the following salary range referenced above reasonably estimates the base compensation for an individual hired into this position in geographies that require salary range disclosure. The individual may also be eligible for discretionary bonuses.