Information Security Analyst

Location: Remote, United States
Job Type: Full-Time
Work Arrangement: Remote
Department: Information Security / Cybersecurity / Risk & Compliance / Security Operations
Reports To: Security Manager / Head of Information Security / GRC Lead / CISO

Role Overview

We are seeking a detail-oriented and proactive Information Security Analyst to support day-to-day security monitoring, risk assessment, policy maintenance, control reviews, vulnerability coordination, and overall security operations support across the organization. This role is responsible for helping maintain the organization’s security posture by monitoring risks, reviewing access and alert activity, supporting remediation efforts, maintaining security documentation, and contributing to audit and compliance readiness.

The ideal candidate has experience in information security, IT security, or security operations and is comfortable working across security monitoring, access control review, vulnerability follow-up, policy support, and internal coordination. This person should be able to identify risks, support security controls, maintain strong documentation, and work effectively with IT, cloud, engineering, compliance, and business teams.

This is a remote USA-based role, suited for someone with strong analytical discipline, practical security awareness, and the ability to support security operations in a structured and business-aligned way.

Key Responsibilities

Security Monitoring & Posture Review

• Monitor security posture across systems, users, endpoints, cloud platforms, and business applications
• Review security alerts, suspicious activity, control exceptions, and system indicators that may require attention or escalation
• Help identify gaps in security coverage, policy adherence, and control effectiveness across the environment
• Support ongoing monitoring of access, endpoint activity, account behavior, and basic security health indicators
• Contribute to day-to-day operational visibility across the organization’s security landscape

Access Control & Alert Review

• Review access controls, identity permissions, user provisioning status, privileged access, and security-related alert activity
• Help assess whether access rights and security controls are aligned with least privilege and internal requirements
• Support review of login anomalies, account changes, permission issues, and user-related security signals
• Work with IT, IAM, HR, and system owners to support access governance and remediation follow-up
• Help strengthen user and access-related security hygiene across systems and platforms

Vulnerability Management & Remediation Coordination

• Support vulnerability management activities by reviewing findings, coordinating with owners, and tracking remediation progress
• Help monitor vulnerability reports across endpoints, servers, applications, cloud environments, and infrastructure assets
• Maintain remediation trackers, evidence records, status updates, and follow-up logs for security issues
• Work with technical teams to ensure findings are acknowledged, prioritized, and progressed toward resolution
• Contribute to reducing unresolved security exposure through disciplined tracking and coordination

Risk Assessment & Control Review

• Support risk assessment activities across operational, technical, user, and control-related security areas
• Help review security controls, process adherence, and environment configurations to identify risk gaps and areas of concern
• Contribute to internal security reviews, control checks, and assessments tied to security posture and governance expectations
• Maintain structured records of identified risks, control observations, and mitigation actions
• Support stronger risk visibility and practical risk management across the organization

Policy, Documentation & Security Governance Support

• Maintain security policies, standards, procedures, guidelines, and related documentation in an accurate and organized manner
• Support policy updates, version control, review cycles, and communication of security documentation changes
• Help document control requirements, security processes, exceptions, and operational procedures
• Contribute to stronger documentation quality and traceability across security operations and governance activities
• Assist with maintaining organized security records for internal use, audits, and compliance needs

Audit, Compliance & Cross-Functional Support

• Assist with audit preparation, evidence collection, compliance readiness, and responses to internal or external review requests
• Support security and compliance activities tied to frameworks, customer requirements, internal control expectations, or policy obligations
• Work with IT, engineering, cloud, HR, legal, procurement, and compliance stakeholders where security coordination is needed
• Help prepare security summaries, posture reports, issue logs, and management-ready documentation where required
• Contribute to broader information security maturity through reliable operational support and follow-up discipline

Requirements

• Bachelor’s degree in Cybersecurity, Information Security, Information Systems, Computer Science, or a related field preferred
• Proven experience in security analysis, information security, IT security, or related security operations roles
• Understanding of IAM, endpoint security, access controls, and risk management concepts
• Experience supporting security monitoring, alert review, vulnerability coordination, or documentation management
• Strong reporting and documentation skills
• Ability to review risks, control issues, and security posture indicators in a structured manner
• Strong attention to detail and organizational discipline
• Good written and verbal communication skills
• Ability to work effectively with technical and non-technical stakeholders in a remote environment
• Ability to manage sensitive security information with professionalism and care

Preferred Qualifications

• Familiarity with security tools and environments such as SIEM, EDR, vulnerability scanners, IAM platforms, cloud security dashboards, or ticketing systems
• Exposure to frameworks or control environments such as ISO 27001, SOC 2, NIST, PCI DSS, HIPAA, or similar
• Experience supporting access reviews, control checks, endpoint monitoring, phishing response, or vulnerability workflows
• Familiarity with tools such as Microsoft Defender, CrowdStrike, Qualys, Tenable, Splunk, Microsoft Sentinel, Jira, ServiceNow, or similar
• Understanding of security policy lifecycle, audit support, remediation tracking, and compliance evidence preparation
• Experience in SaaS, enterprise IT, consulting, regulated, or security-focused operational environments
• Relevant certifications such as Security+, CySA+, SSCP, SC-900, ISO 27001, or similar are a plus
• Experience in remote-first or distributed operating environments is advantageous

Core Skills

• Security monitoring
• Risk assessment
• Access control review
• Vulnerability coordination
• Endpoint security awareness
• IAM support
• Security documentation
• Policy maintenance
• Control review
• Remediation tracking
• Audit readiness support
• Compliance coordination
• Security reporting
• Cross-functional collaboration
• Information security operations

Key Competencies

• High attention to detail
• Strong analytical thinking
• Structured and methodical working style
• Clear written communication
• Strong follow-up discipline
• Sound judgment with sensitive information
• Practical security awareness
• Cross-functional coordination ability
• Reliability and consistency
• Continuous improvement mindset

Success Metrics

• Strong day-to-day visibility into security posture and user-related risks
• Timely review of alerts, access issues, and security observations
• Effective vulnerability remediation tracking and follow-up
• Accurate and current security policies, logs, and documentation
• Better audit and compliance readiness through organized evidence support
• Improved control visibility and risk tracking across security operations
• Positive feedback from security, IT, audit, and compliance stakeholders

Working Conditions

• Fully remote role based in the United States
• Standard business hours aligned with U.S. time zones
• Frequent collaboration with security, IT, cloud, engineering, compliance, HR, and operations teams through virtual meetings and workflow systems
• May support multiple security workstreams, reviews, remediation cycles, or audit activities at the same time