ISO Analyst

Information Security Analyst
Hybrid (3 Days On Site 2 Days Remote) - Richmond VA
Duration: 24 months renewable contract

Job Summary:
We is seeking an Information Security Analyst for a two-year contract offering a hybrid work environment (three days onsite two days remote). The Information Security Analyst will play a key role in advancing cybersecurity and privacy awareness across the organization. This role will participate in the creation and maintenance of Information Security and privacy policies and standards and contribute to the efforts of the Information Security Office (ISO) and related security projects.

Key Responsibilities:

• Participate in Information Security and Privacy initiatives across all business units and vendor engagements to ensure proper security controls are implemented and maintained.
• Enter and update information security records documentation and data within the Governance Risk and Compliance (GRC) system.
• Collaborate with business stakeholders to develop and maintain information System Security Plans (SSP).
• Represent the Information Security Office in project management-led initiatives to ensure information security requirements are considered in key projects.
• Work cross-functionally with teams and end-users to understand business needs facilitate compliance and communicate clearly.
• Assist in developing maintaining and updating information security standards and processes occasionally performing research from reputable industry sources.
• Contribute to controls documentation including drafting narratives creating system diagrams and populating risk assessment templates for business approval.
• Assist in the review of contracts and vendor documentation to verify adequate information security protection measures are in place.

• Minimum three (3) years of demonstrated experience in Information Security specifically in governance risk and compliance.
• In-depth understanding of information security principles technologies and practices.
• Strong knowledge of IT infrastructure planning implementation and management.
• Ability to organize work set priorities meet deadlines and operate independently.
• Experience with security frameworks such as NIST ISO 27001 COBIT or similar.
• Exceptional organizational skills and attention to detail.
• Ability to adapt to changing priorities and ambiguous environments.
• Experience drafting and maintaining Information Security and Privacy policies standards and procedures.
• Proficient in interpreting security documentation flow diagrams and process maps.
• Understanding of general contract terms and the ability to review security clauses.
• Ability to create diagrams flowcharts and spreadsheets with standard desktop software.
• Strong written and verbal communication skills for various audiences.

• Bachelors degree in Computer Science Information Systems or related field; CISA CISSP or similar certifications.
• Experience in the financial services sector.
• Familiarity with cloud and application security controls.
• Working knowledge of information security regulatory compliance (e.g. GLBA GDPR PCI).
• Awareness of privacy regulations (e.g. GDPR CCPA VCDPA).

All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin disability or protected veteran status.