Vulnerability Analyst role in BGS supporting government clients. Conduct vulnerability assessments and enhance cybersecurity protocols for effective mitigation strategies.
About the role
- Information Security Analyst SME protecting information assets by designing and maintaining security policies. Ensuring compliance with security standards in a tech services company focused on digital transformation.
Responsibilities
- The Information Security Analyst (SME) is responsible for protecting the organization’s information assets by designing, implementing, and maintaining security controls, policies, and best practices. As a Subject Matter Expert, this role provides hands-on technical expertise, risk assessment, and advisory support across the business, ensuring compliance with security standards while enabling secure business operations.
- Compliance Monitoring: Support the implementation and monitoring of security policies to ensure compliance with applicable laws, regulations, and industry standards (e.g. ISO 27001, NIST)
- Participate in internal, external or regulatory audits as required.
- Other work or projects as assigned.
Requirements
- Aligns with our values: Excellence, Integrity, Professionalism, People Success, Customer Success, Fun, Innovation and Diversity
- Strong communication skills
- Strong problem solving and analytical skills
- Excellent problem-solving ability
- Minimum Requirements:
- Bachelor’s degree in Information Security, Computer Science, IT, or a related field (or equivalent experience)
- at least 5 years of experience in information security, cybersecurity, or IT risk roles
- Strong understanding of:
- Information security principles and frameworks
- Risk assessment and vulnerability management
- Identity and access management (IAM)
- Data protection and privacy concepts
- Experience working in a hands-on, SME or fast-growing organization
- Experience communicating policies and compliance requirements with both technical and non-technical audiences at various levels in the organization.
- Good experience in establishing and performing policy, standard and procedure assessment in a cloud-based environment, technologies, and services.
- Good experience defining, revising, and implementing corporate information security policies, standards, processes, guideline, and related regulatory expectations.
- Familiarity with various industry frameworks and requirements including NIST framework, ISO 27001, PCI DSS, SOC 2, etc.
- Passionate in ensuring the confidentiality, integrity, and availability of our critical assets and contributing to our organization's information security initiatives by applying your knowledge and attention to details.
- Able to work and communicate well with different stakeholders.
- Remains composed when decisions have to be made quickly.
- Preferred:
- Relevant certifications (any of the following):
- CISSP, CISM, CISA
- ISO 27001 Lead Implementer / Auditor
- Security+, CEH, or equivalent
- Experience with cloud security (AWS, Azure, or GCP)
- Familiarity with security tools (SIEM, endpoint security, vulnerability scanners)
- Good understanding of regulatory requirements in different markets the organization operates (e.g., MAS, HKMA, FSC, BNM, BSP, BOT).
- Good understanding of security risk and compliance assessment, process, and procedures
- Good to have Cybersecurity Fundamental certifications such as CompTIA Security+, ISC, etc.
- Able to develop and implement new and improved ways of doing work; encourage staff and guide organization and foster a positive security behavior and posture.
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Analyst of Information Security focusing on Governance and Project Risk Analysis in software development. Join a dynamic team collaborating on security in tech projects.
Cybersecurity Analyst responsible for protecting corporate environments and managing security incidents. Collaborating with IT teams and providing strategic security communications.
Information Security Analyst role focusing on cybersecurity for a retail company based in Belo Horizonte. Tasks include managing security tools and monitoring incidents.
Intern engaging in cybersecurity projects with Intact, enabling a diverse team to innovate solutions. Opportunities for personalized professional development and collaborative industry impact during Summer 2026.
Cyber Security Analyst at GDIT handling forensic analysis, monitoring security violations in diverse locations. Requires 8+ years of experience and relevant certifications.
Intermediate Information Security Analyst for Identity Access Management at St. Elizabeth Healthcare. Supporting IAM and Information Security management to ensure robust security protocols.
Information Security Analyst at PointClickCare planning and executing security measures for technology infrastructure. Enhancing security operations and managing projects while collaborating with various teams.
SOC Senior Analyst managing a team of SOC analysts for 24/7 security operations. Working alongside Threat Intelligence, Engineering, and Incident Response teams to enhance the security posture.
IT Security Analyst at Davy enhancing security by monitoring security controls and supporting compliance activities. Collaborating with teams on vulnerability assessment and risk management processes.