Information Security Analyst

Job Title:

Department:

Experience Level:

Employment Type:

Job Summary:

We are seeking a highly motivated and detail-oriented Information Security Analyst / Sr. Analyst to join our GRC team, with a focus on Identity Governance and Compliance. This role is pivotal in ensuring that Identity and Access Management (IAM) practices align with regulatory requirements, internal policies, and industry best practices. The ideal candidate will have experience with User Access Reviews (UAR), Active Directory (AD), and a strong understanding of security frameworks such as PCI DSS, ISO 27001, NIST, and COBIT.

Key Responsibilities:

• Manage the Identity Governance and compliance activities, including periodic User Access Reviews (UAR) and RBAC activities.
• Ensure IAM practices comply with internal policies and external regulatory requirements.
• Maintain and enhance identity governance policies, standards, and procedures.
• Provide subject matter expertise on Active Directory (AD), including group policies and access provisioning/deprovisioning.
• Align identity governance practices with frameworks such as PCI DSS, ISO 27001, NIST CSF, and COBIT.
• Engage with IT, HR, and business units to enforce least privilege principles and maintain accurate access records.
• Conduct regular training sessions for the SM team on security controls and client requirements.
• Coordinate SME involvement in quarterly meetings and training initiatives.
• Maintain and organize SharePoint and Jira spaces for audit readiness and evidence management.
• Participate in incident management, change control meetings, and cloud migration initiatives.
• Engage in SOC operations and threat tracking.
• Drive continuous improvement initiatives in identity governance and GRC processes.
• Lead the annual review of security information presentations in collaboration with Compliance.

Required Qualifications:

• Bachelor’s degree in Information Security, Computer Science, or a related field.
• 2 – 4 years of experience in Information Security, with a focus on Identity Governance and Compliance.
• Strong understanding of User Access Review (UAR) processes and tools.
• Experience with Active Directory (AD) and identity lifecycle management.
• Familiarity with regulatory and compliance frameworks: PCI DSS, ISO 27001, NIST, COBIT.
• Excellent analytical, documentation, and communication skills.
• Ability to work independently and collaboratively in a fast-paced environment.

Preferred Qualifications:

• Relevant certifications such as CISSP, CISA, CISM, CRISC, or GIAC.
• Experience with IAM tools (e.g., SailPoint, Saviynt, Okta, Azure AD).
• Prior experience supporting internal or external audits.
• Knowledge of GRC tools and platforms.
• Understanding of legal and regulatory standards such as FERPA, CIS, and data protection laws.
• Knowledge of Cloud Identity (AWS or Azure Identity).