BP
Bellinati PerezInformation Security Analyst – Mid-level
Information Security Analyst managing critical governance, risk, and compliance topics. Leading incident responses and security policy development in a hybrid work model.
About the role
- Serve as a subject matter expert, providing policy and risk-based consultation to enterprise customers, ensuring consistent adherence to regulatory requirements and best practices across all operations.
- Manage and drive critical cybersecurity projects from inception to completion, focusing on initiatives that improve internal customer experience by delivering user-centric security solutions and streamlining security processes.
- Act as a dedicated resource for Outside Service Provider (OSP) compliance, guiding business owners on company policy requirements and assisting in assessing the security posture of third-party vendors to minimize potential disruptions.
- Conduct high-risk Application and Infrastructure Governance, Risk, and Compliance (GRC) component assessments, identifying potential vulnerabilities, ensuring control implementation, and recommending mitigation strategies across various technologies.
- Support enterprise-level cybersecurity awareness initiatives, strengthening employee security awareness and empowering them as the first line of defense.
- Manage the full lifecycle of security vulnerabilities, including assisting teams with triage and analysis, evaluating associated risks, and implementing effective remediation strategies to defend against threats to enterprise assets.
- Collaborate with other cyber services to provide best-in-class consultation and support to enterprise customers.
- Reporting cyber security metrics by tracking key performance indicators (KPIs).
- Establishing robust engagement and communication channels to provide timely and quality response.
Requirements
- Bachelor's degree in a relevant field (e.g., Computer Science, Cybersecurity, Software Engineering, Information Security) or an equivalent combination of education, training, and experience.
- Minimum of 2-3 years of professional experience in IT (e.g., application development, infrastructure management), coupled with a strong desire and demonstrated aptitude for a career in cybersecurity.
- Minimum of 2 years of professional experience in one or more of the following technical disciplines:
- Third-party Risk Assessment
- Vulnerabilities Assessments
- Cybersecurity Consultation
- Cybersecurity Auditing
- Software Development and Coding (with a security focus)
- Application Security
- DevSecOps Methodologies
- Identity and Access Management (IAM)
- Cloud Security
- Security Operations and Incident Response
- Knowledge of cybersecurity frameworks and industry standards (e.g., NIST CSF, ISO 27001/2, OWASP).
- Familiarity with Threat Modeling and IT Risk Assessment methodologies.
- Knowledge of best practices for IAM flows, grant types, OAuth2, OIDC, and SAML standards.
- Experience with API security best practices to protect sensitive data and services.
- Knowledge of cryptographic algorithms and functions for building secure solutions.
- Familiarity with common security flaws and effective remediation strategies (e.g., OWASP Top 10).
- Understanding of DevSecOps principles, agile methodologies, and security policies.
Benefits
- Health insurance
- Retirement plans
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
ST
Spread TecnologiaAnalista de Segurança da Informação Jr.
Information Security Analyst overseeing access management for SKY applications, ensuring security compliance and incident management. Involves technical support and lifecycle management of requests.
UH
upConsult <search - select - hire>Cyber Security Analyst, 80–100%
Cyber Security Analyst enhancing cyber resilience for the Swiss financial sector with a focus on threat intelligence. Collaborating closely with partners and regulatory agencies to safeguard against cyber threats.
Junior Information Security Analyst at Dotz supporting IT in security solutions and information asset protection. Engaging with various technology areas and projects on cybersecurity initiatives.
GS
GuideWell SourceCybersecurity Analyst
Cybersecurity Analyst developing and implementing information security programs at WebTPA. Liaising between IT and business partners, addressing security requirements throughout project life cycle.
II
I Am Boundless, Inc.Cyber Security Analyst
Cyber Security Analyst managing user access and security for all company applications at a non - profit organization. Collaborating with teams to monitor cyber security incidents and ensure compliance with policies.
SH
Sheraton Heathrow HotelCyber Security Analyst, Wintel
Cyber Security Analyst managing cyber security incidents and improving resilience at Heathrow Airport. Leading response playbook development and simulation exercises for effective incident handling.
OT Security Analyst at EY's IoT/OT Security HUB, supporting cybersecurity engagements and developing solutions for the EMEIA region.
Security Operations Analyst responsible for monitoring and analyzing security events at Gen Digital. Collaborating with experts to protect global systems and data while enhancing cybersecurity posture.
Incident manager for information security incidents at TD Bank. Leading incident response and coordination for investigative activities and fraud management.