Information Security Analyst POST NUMBER: 464906
Title: Information Security Analyst
Role Overview: The Information Security Analyst is a hands-on role within the Information Security function, partnering closely with IT and business stakeholders to ensure consistent, measurable delivery of security services. This position focuses on third-party risk management, security assessments, and the integration of security controls across enterprise and cloud-based systems.
The ideal candidate has a strong foundation in cybersecurity risk management, vendor security assessments, and core security concepts, and thrives in a fast-paced, highly collaborative environment with modern and emerging technologies.
Key Responsibilities
-
Support a Technology Vendor Management and Third-Party Risk Management program, including vendor risk reviews, renewals, and ongoing monitoring
-
Conduct vendor, product, and application security assessments, partnering with system owners to integrate security early in the project lifecycle
-
Participate in risk reviews and assessments aligned to security and IT control frameworks (NIST CSF, CIS, ISO 27001, ITIL)
-
Coordinate the implementation of core security integrations such as SSO, event logging, alerting, secrets management, and backup/recovery across internal and SaaS applications
-
Partner with business teams to review workflows and recommend security process improvements
-
Support the development and execution of data protection and risk mitigation initiatives
-
Produce clear, written security assessments documenting vendor and application security posture
-
Develop and deliver security metrics, dashboards, and reporting to measure control effectiveness
Required Qualifications
-
2–3 years of experience in Information Technology
-
Minimum of 2 years of experience in cybersecurity risk management
-
Experience conducting vendor due diligence and third-party security assessments
-
Familiarity with security frameworks and standards such as NIST, ISO 27001, SOC, PCI-DSS, FedRAMP
-
Experience coordinating technical security integrations across systems and applications
-
Strong understanding of operating systems, servers, cloud applications, and infrastructure fundamentals
-
Ability to analyze complex system architectures and identify security integration opportunities
-
Bachelor’s or Master’s degree in a relevant field
Preferred Qualifications
-
Experience with Third-Party Risk Management or GRC platforms (e.g., OneTrust, SIG, or similar tools)
-
Familiarity with identity and access management concepts including SSO, SAML, Active Directory, Azure AD, and cloud IAM
-
Experience with security logging and event management tools (e.g., SIEM platforms)
-
Hands-on exposure to AWS and/or Azure cloud environments
-
Experience producing operational security metrics and dashboards
Tools & Skills
-
Strong cybersecurity fundamentals with a focus on risk, controls, and integrations
-
Experience using productivity and project tracking tools (Microsoft Office, JIRA or similar)
-
Strong written and verbal communication skills
Work Environment
Collaborative, service-oriented environment where teams support one another while maintaining ownership of individual responsibilities.
Vaco by Highspring values a diverse workplace and strongly encourages women, people of color, LGBTQ+ individuals, people with disabilities, members of ethnic minorities, foreign-born residents, and veterans to apply.
EEO Notice
Vaco by Highspring is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race (including but not limited to traits historically associated with race such as hair texture and hair style), color, sex (includes pregnancy or related conditions), religion or creed, national origin, citizenship, age, disability, status as a veteran, union membership, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, political affiliation, or any other protected characteristics as required by federal, state or local law.
Vaco by Highspring and its parents, affiliates, and subsidiaries are committed to the full inclusion of all qualified individuals. As part of this commitment, Vaco by Highspring and its parents, affiliates, and subsidiaries will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact HR@vaco.com .
Vaco by Highspring also wants all applicants to know their rights that workplace discrimination is illegal.
By submitting to this position, you agree that you will be giving Vaco by Highspring the exclusive right to present your as a candidate for the foregoing employment opportunity. You further agree that you have represented information about yourself accurately and have not affirmatively misrepresented your qualifications. You also agree to maintain as confidential, to the fullest extent permitted by law, any information you learn from Vaco by Highspring about the position and you will limit disclosure of information about the position only to the extent necessary to perform any obligations in furtherance of your application. In exchange, Vaco by Highspring agrees to exercise reasonable efforts to represent you through all solicitation, job screening and resume dispersal.
Privacy Notice
Vaco by Highspring and its parents, affiliates, and subsidiaries (“we,” “our,” or “Vaco by Highspring”) respects your privacy and are committed to providing transparent notice of our policies.
- California residents may access Vaco by Highspring HR Notice at Collection for California Applicants and Employees here.
- Virginia residents may access our state specific policies here.
- Residents of all other states may access our policies here.
- Canadian residents may access our policies in English here and in French here.
- Residents of countries governed by GDPR may access our policies here.
Pay Transparency Notice
Determining compensation for this role (and others) at Vaco by Highspring depends upon a wide array of factors including but not limited to:
- the individual’s skill sets, experience and training;
- licensure and certification requirements;
- office location and other geographic considerations;
- other business and organizational needs.
With that said, as required by local law, Vaco by Highspring believes that the following salary range referenced above reasonably estimates the base compensation for an individual hired into this position in geographies that require salary range disclosure. The individual may also be eligible for discretionary bonuses.