Job Title: Security Analyst

Reporting to: System Engineer

Purpose of Role:

The Security Analyst will be responsible for managing Governance, Risk, and Compliance (GRC) for the organization, developing and maintaining security policies, and ensuring adherence to industry-standard security frameworks. The ideal candidate will have at least 5 years of experience in cybersecurity, strong technical expertise in application and network security, and hands-on experience with security solutions such as Zscaler, CrowdStrike, and Rapid7.

Key Duties and Responsibilities:

As part of a cross-functional team, the Security Analyst will work under the general guidance of the System Engineer to undertake the following activities:

Governance, Risk, and Compliance (GRC):

• Implement and maintain GRC frameworks to ensure compliance with industry standards.
• Conduct regular risk assessments and audits to identify vulnerabilities and compliance gaps.
• Develop and execute remediation plans for identified security risks.
• Ensure adherence to security frameworks such as ISO 27001, NIST Cybersecurity Framework, or CIS Controls.

Security Solutions & Incident Response:

• Manage, configure, and troubleshoot security solutions, including Zscaler, CrowdStrike, and Rapid7.
• Implement and maintain endpoint security solutions, firewalls, and software updates to enhance network protection.
• Conduct vulnerability assessments, penetration testing, and incident response to mitigate risks.
• Simulate data loss scenarios to evaluate disaster recovery plans and optimize security measures.
• Monitor and analyze security logs and alerts to detect potential threats and vulnerabilities.

Security Policy & Compliance:

• Develop and enforce security policies, standards, and procedures to guide organizational security practices.
• Ensure compliance with industry regulations and best practices through regular assessments.
• Assist in security awareness training to educate staff on security best practices.

Education and Experience:

• Bachelors degree (or equivalent) in Information Security, Computer Science, Technology, or a related field.
• At least 5 years of experience in cybersecurity within a midsize company, demonstrating:
• Strong knowledge of IT infrastructure, hardware, software, and networks.
• Expertise in security frameworks such as ISO 27001, NIST, or CIS Controls.
• Ability to identify, diagnose, and mitigate threats using critical thinking and analytical skills.
• Strong problem-solving abilities to develop effective security procedures and response plans.
• Excellent written and verbal communication skills for reports, training sessions, and collaboration with IT teams.
• Organizational skills to create clear and concise security reports.

Preferred Qualifications & Skills:

• Hands-on experience with security solutions such as Zscaler, CrowdStrike, and Rapid7.
• Security certifications such as CISSP, CISM, CEH, or equivalent (preferred).
• Experience working in both individual and team environments within an IT security setting.

Personal Attributes:

• Strong analytical and troubleshooting skills to navigate complex security challenges.
• Customer-centric approach, ensuring security aligns with business objectives.
• Effective communication and interpersonal skills, with the ability to explain technical concepts to non-technical stakeholders.
• Proactive and self-motivated, capable of working independently with minimal supervision.
• Strong accountability and problem-solving mindset, with a passion for security excellence.
• Adaptability to work with different internal procedures and client security policies.
• A "can-do" mindset, focused on delivering security solutions efficiently.

Special Conditions:

• The role may require occasional overseas travel.
• All air travel will be economy class.