This job posting is no longer available
Info Security Analyst
Spectraforce Technologies
- United States
About
Info Security Analyst
Duration: 3 months
Location: Mount Laurel, NJ (Hybrid - 2 days in office)
* The role sits within the Assurance Governance Oversight team under Global Technology (GT).
* The team focuses on audit and regulatory findings across Global Technology.
* The team performs two primary functions: a Challenge function and a Quality Assurance function.
* The Challenge forum is held twice weekly where teams present remediation packages and receive feedback to ensure they meet audit validation or regulatory requirements.
* The Quality Assurance function performs pre-review work on remediation packages before they are presented in challenge forums.
* QA reviews identify gaps, control issues, documentation deficiencies, and remediation improvements aligned with audit methodology and regulatory standards.
* The team provides guidance to stakeholders on how to finalize remediation packages before submission to audit validation or regulators.
* The team manages end-to-end coordination of remediation reviews, including scheduling, communications, training, tracking, documentation, and facilitation of review sessions.
* The team coordinates communications and documentation required to move remediation packages through the governance process.
* The role being filled is an Analyst position due to a team member going on parental leave.
* The analyst will support team leads and assist with operational execution of challenge and QA processes.
* Analysts are expected to be hands-on with coordination, documentation, reviews, and operational support tasks.
* Responsibilities include meeting minutes, communications, documentation of reviews, preparing pre-mails for challenge forums, and assisting in review preparation.
* Analysts also support pre-discussion meetings prior to challenge forums or QA sessions.
* Analysts perform QC checks on documentation before it is reviewed by the team leads.
* Analysts help ensure remediation packages are in good standing before reaching governance review stages.
* The role also includes ad hoc responsibilities, such as documenting processes or reviewing specific operational tasks.
* The team distributes work across staff to ensure workload is balanced and no single person handles all reviews.
* Staff are assigned specific reviews and manage them through completion.
* The team operates in a collaborative working model where staff rotate responsibilities across review assignments.
* The environment requires strong coordination and communication skills due to the governance and facilitation nature of the work.
* The role requires someone who can join the team and quickly contribute to existing workflows.
* Candidates outside those locations may not be prioritized due to hybrid requirements.
* Interviews will be conducted virtually initially, with the possibility of one or two interview rounds.
* The requisition will be released shortly after the call and submissions will be halted Friday morning.
* The hiring manager stated the team is tight knit and collaborative, with staff working closely together.
* The role provides exposure to multiple technical areas and subject matter experts within the technology organization.
Key Role Requirements and Preferences
* Preferred background in audit, risk management, or controls environments
* Strong understanding of controls frameworks and governance processes
* Knowledge of audit methodology and remediation processes
* Familiarity with regulatory findings management
* Experience reviewing remediation packages or audit findings documentation
* Experience with compliance, policies, and operational processes
* Experience with issue management processes
* Ability to coordinate governance reviews, documentation, and communications
* Ability to assist with meeting minutes and documentation for governance forums
* Familiarity with controls frameworks such as NIST
* Experience working in structured governance or regulatory environments
* Ability to support documentation, review preparation, and QC validation processes
* Ability to collaborate closely with leads and stakeholders across teams
* Preferred experience level of approximately three to five years
Tools and Systems Mentioned
* Jira used for tracking BAU activities, projects, timelines, and service level objectives
* ServiceNow will be used to house audit findings as the team transitions from EPR to ServiceNow in April
* Microsoft Lists used internally for operational tracking of challenge reviews
* Reporting and dashboards are primarily managed by a separate data management team
* Internal tracking data is used by the data team to measure team performance and progress
* Reporting dashboards are not a major responsibility for this role
Job Specific Accountabilities
The Senior Information Security Analyst role supports the execution of independent quality assurance and remediation reviews for audit and regulatory findings for Client's Global Technology Solutions (GTS) area. The role focuses on assessing the adequacy, completeness, and sustainability of management action plans, evaluating remediation evidence, and identifying residual risk to ensure alignment with regulatory expectations, internal standards, and information security frameworks.
This position operates within a 1B / oversight / challenge function, partnering closely with technology teams, operational risk management, audit, and compliance stakeholders to promote strong control hygiene and timely risk reduction.
We are looking for someone who is well-versed in providing governance, risk, compliance and issue remediation oversight and control best practices that meet Client's overarching strategy and objectives. Here's some of what you may be asked to perform:
Conduct quality assurance reviews and challenge of remediation action plans for internal audit and regulatory findings related to information security and technology controls, working with stakeholders across the three lines of defense to ensure effective risk mitigation and remediation
Assess whether action plans sufficiently address root cause, risk drivers, and control design gaps
Assess remediation evidence for accuracy, completeness, and sustainability
Apply established QA rubrics, control standards, and review methodologies consistently
Identify gaps, weaknesses, or misalignment with policy, standards, and regulatory expectations
Document review results, conclusions, and rationale in a clear, defensible manner
Evaluate information security controls across areas such as access management, change management, vulnerability management, data protection, logging and monitoring, third party risk, etc.
Assess residual risk and escalate concerns where remediation effectiveness is insufficient
Maintain accurate records of review activities, decisions, and supporting evidence
Support management reporting and metrics related to remediation quality and status
Engage with technology owners to clarify remediation approaches and evidence
Provide constructive challenge and guidance while maintaining independence
Collaborate with audit, operational risk management, and compliance partners to ensure alignment and consistency
Contribute to continuous improvement projects, leveraging agile / lean continuous improvement practices/methods that demonstrate sustainable and leading-edge solutions (e.g. Artificial Intelligence (AI), Machine Learning (ML), Power BI/Apps, Python, etc.)
Identify emerging themes, understand trends, and provide specialized business management advice to senior management and respective teams while raising industry, external and internal, enterprise and business awareness.
Stay apprised of Industry Best Practices as well as the Technology and Information Security Audit and Regulatory environment.
Job Requirements
Expert knowledge of IT Audit and Control methodology, IT Governance Controls and Standards, and associated tools to ascertain the quality and effectiveness of technology remediation plans.
Competencies in technology controls, emerging threats, and technology risk disciplines and practices.
IT governance experience in various information security methodologies/frameworks (e.g., COBIT 5, NIST, etc.)
Knowledge of IT policies, standards, and technology risk disciplines and practices
Knowledge / Experience in core Agile frameworks such as Scrum, Kanban, and Extreme Programming to execute Challenge functions as defined by the client Agile methodology
Sound understanding of data analytics (collection, analysis, distribution etc.) and complex business processes
Experience with change management methods to evolve technology issue management framework (people/process/technology) specific to Challenge Operation
Experience with Key Performance and Risk Indicators and Technology Risk analytics and reporting, managing and refining business rules and thresholds for Technology controls performance (KPIs) and aggregating risk (KRIs)
Provide support to the development and testing teams to resolve data issues
Excellent verbal and written business communication skills; meticulous documentation
Ability to manage multiple efforts simultaneously and strong organizational skills
Ability to effectively interact with individuals across the organization and at various levels (technical, business, Senior & Executive Management)
Ability to educate colleagues and team members related to Challenge Operation processes/tools
Ability to contribute to / participate in complex technology projects
Required Qualifications:
5+ years of relevant experience in information security, technology risk, audit and regulatory remediation processes
Understanding of information security control frameworks (e.g., NIST, ISO 27001, CIS)
Experience reviewing control design, implementation, and operating effectiveness
Strong analytical skills with attention to detail and sound professional judgment
Experience supporting 1B, 2LOD, or QA/challenge functions
Experience reviewing remediation evidence and validating control effectiveness
Exposure to GRC tools (e.g., Archer, ServiceNow or similar platforms)
Expert knowledge of various technology tools, including JIRA, Confluence, SharePoint, MS Office, Excel, etc.
Relevant certifications, progress towards them, or relevant equivalent experience (e.g., CRISC, CISM, CISA, CISSP)
University degree or relevant field / equivalent experience
Language skills
- English