Security Analyst at NovaSource safeguarding digital assets and responding to cyber threats. Collaborating across IT and operational technology to monitor and mitigate risks.
About the role
- Information Security Risk Advisory professional assessing and managing technology risks at Grainger. Collaborating with teams on risk assessments and technology initiatives in a hybrid work environment.
Responsibilities
- Perform information security risk assessments, control testing, and security reviews across systems, applications, and processes
- Support compliance efforts by assessing alignment with internal policies, regulatory requirements, and industry frameworks such as NIST CSF, PCI DSS 4.0, and related standards, and by assisting in the identification and tracking of remediation activities
- Contribute to third-party risk management activities, including reviewing vendor security documentation, conducting risk assessments, and supporting risk rating, issue tracking, and risk acceptance processes
- Support technology initiatives—such as new system implementations, cloud services, and process changes—by identifying potential risks and control gaps and advising on mitigation strategies
- Work independently on assigned assessments while escalating complex risks as needed, contributing to continuous improvement of the organization’s information security risk management program
Requirements
- Bachelor’s degree in Information Security, Information Systems, Computer Science, Risk Management, or a related field, or equivalent practical experience
- 2-4 years of experience in information security, technology risk, cybersecurity, GRC, internal audit, or risk advisory roles
- Working knowledge of information security and risk frameworks such as NIST CSF, NIST 800-53, or similar standards
- Experience conducting risk assessments, control reviews, and gap analyses across applications, infrastructure, cloud environments, or business processes
- Familiarity with third-party and vendor risk management, including review of security questionnaires, SOC reports, and other assurance artifacts
- Ability to document findings clearly and communicate technical risks in business-focused language
- Experience supporting audits, regulatory examinations, or compliance initiatives in collaboration with internal audit, legal, and compliance teams
- Strong analytical, organizational, and time-management skills with the ability to manage multiple assessments concurrently
Benefits
- Medical, dental, vision, and life insurance plans with coverage starting on day one of employment
- 6 free sessions each year with a licensed therapist to support your emotional wellbeing
- 18 paid time off (PTO) days annually for full-time employees (accrual prorated based on employment start date) and 6 company holidays per year
- 6% company contribution to a 401(k) Retirement Savings Plan each pay period, no employee contribution required
- Employee discounts, tuition reimbursement, student loan refinancing and free access to financial counseling, education, and tools
- Maternity support programs, nursing benefits, and up to 14 weeks paid leave for birth parents and up to 4 weeks paid leave for non-birth parents
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Information Security Analyst managing digital assets protection for Peoples Bank. Assisting in daily activities, user administration, and security documentation.
Information Security Analyst protecting Peoples Bank digital assets and managing user access changes. Daily activities include support tickets, audits, and team collaboration.
SAP Security Analyst designing and maintaining security controls for Emerson’s SAP landscape. Ensures compliance and governs user authorizations across all business operations.
IT Security Analyst part of the Blue Team at Bundesdruckerei GmbH in Berlin. Focusing on security monitoring and incident response within a modern infrastructure.
Information Security Analyst evaluating cybersecurity and third - party risk for clients in regulated industries. Utilizing VRM and Cybersecurity Compliance platforms to ensure rigorous security standards.
Acquisition Security Analyst at GDIT ensuring technology safety and securing advanced programs. Collaborating on program protection methodologies and conducting lifecycle analysis for critical information.
Operational Safety Analyst supporting safety management and process improvements at Gol Linhas Aéreas. Engaging in compliance and risk management with a diverse team.
Cybersecurity Analyst at EdgeUno responsible for designing and implementing security controls across platforms. Collaborates with teams to ensure secure architecture for ISP and cloud services.
Cybersecurity Analyst designing, implementing, and maintaining security controls across EdgeUno’s network and platforms in Latin America. Requires collaboration with various technical teams and security technology expertise.