The Sr Information Security Analyst will be a key member of the Information Security team. This person will work closely with cross-functional teams to ensure appropriate physical, administrative and technical controls are operating effectively to ensure the confidentiality, integrity and availability of information resources.

- Strategize on the development and execution of the Information Security and GRC program and roadmap.
- Develop, maintain, and enforce Information Security Policies, Standards, Guidelines, and other Information Security related documents.
- Conduct regular risk and vulnerability assessments to identify areas of concern.
- Assess and monitor security processes and controls to assure compliance with applicable security frameworks, regulatory, and client requirements.
- Perform and manage third-party security risk assessments.
- Collaborate with cross-functional teams to collect evidence for customer audits and policy frameworks such as ISO27001, CMMC, GDPR, CPRA.
- Maintain the security risk register and track the progress of remediation efforts.
- Manage the information security awareness programs, which include security awareness training, phishing campaigns, security newsletters and publications.
- Monitor changes to security best practices, using industry frameworks, and regulations to determine how these changes may impact security posture.
- Develop metrics and dashboards to measure and showcase the maturity progression of the Information Security program.
- Implement, administer, and maintain the Information Rights Management tool.
- Develop and update data flow diagrams for critical systems.
- Help identify manual workarounds for system integrations and dependencies to help mature the cyber resiliency program.
- Create, update, and maintain the privacy data map that is required for different privacy regulations (GDPR, CPRA, PIPL, DPDP).
- Perform privacy impact and/or security assessments as needed for different projects and systems.
- Provide cybersecurity expertise/consulting to teams and management.

**Requirements**:

- **Minimum Education Level**: Bachelor's Degree, Information Systems Management, Computer Science, Cybersecurity, or related field.
- 5+ years of full-time work experience in IT audit, security risk management, information security, security compliance, privacy, or other GRC areas.
- Experience in leading security assessments, developing and implementing security controls, and driving security compliance programs.
- Working knowledge of Privacy (GDPR, CCPA, PIPL), ISO27000 and NIST 800-171 requirements.
- Understanding of common Information Security frameworks such as COBIT, SANS Critical Controls, and NIST CSF.
- Good communication skills, strong work ethic, attention to detail, and ability to collaborate in a team setting.
- Strong critical thinking, analytical, and problem-solving skills.
- Proficient with the Microsoft Office suite.
- CISSP, CISA, CISM, CRISC or a similar risk management, audit, or security certification(s) is preferred.

**Salary**: $60,000 - $80,000